CASE  STUDY:  HOW  KOCH  INDUSTRIES  WEIGHS  I.T.  OPTIONS 


PLUS 


THE  ENEMY 
WITHIN 

Your  Guide 
To  Guarding 
Against  Internal 
Security  Threats 

Page  76 


mm 


5  CLASSIC 
PLANNING 
MISTAKES 

And  How  To 
Avoid  Them 

Page  84 


DEMAND  FORECASTING 


CIO  Louie  Ehrlich  believes 
sharing  information  is  simply 
the  most  cost-effective  way 
ChevronTexaco  can  do  business. 


ChevronTexaco  knows  how  much  oil 
it  will  sell  before  it  pumps  the  first  barrel 


TREND 

MICRO™ 


Information  is  organic.  Its  form  and  location  can  change  from  one  moment 
to  the  next  depending  on  who  is  using  it.  One  second  it  is  here.  The  next 
second  it  is  there.  To  secure  information  is  to  understand  how  it  can 
be  used,  where  it  will  exist,  and  what  it  may  become.  Every  moment 
of  every  day.  _  ■ 

Complacency  is 
Information  will 


©2002  Trend  Micro  Incorporated.  All  rights  reserved.  Trend  Micro  Inc.  and  the  T-ball  logo  are  trademarks  of  Trend  Micro  In 
and  registered  in  certain  jurisdictions  All  other  brand  and  product  names  are  the  registered  trademarks  of  their  companies 


the  enemy  of  security, 
continue  to  change. 

To  keep  information  secure,  we  must  be  able  to  predict  and  adapt.  Intuitive  Information  Security 
combines  human  intuition  —  the  application  of  knowledge  based  on  experiences,  patterns 
and  trends  —  and  adaptive  technology  to  create  new  strategies.  Evolving  security  strategies 
that  can  be  automatically  deployed  across  entire  networks  instantly.  No  matter  how  much 
information  changes. 


•! 

■•• .  i 

$!:#' 

in::::::::, 

:::::::::::: 

•••••«••*««• 

:::::::::::: 


*•*•(  PowerEsjg^ 


powerful 

46«!  J 


There's  a  Dell  PowerEdge  server 
with  Windows*  2000  Server 
for  every  kind  of  business. 

From  "kind  of  start  up"  to  "kind  of  FORTUNE  500.®" 


!***••••••##### 

**••••••••§•#§# 

•••• •  • ••••••••• 

••••••••••ft#*# 

••••••••••••••I 

•  •••••••••••Ml 

•••••••••••••r* 

•••••••••••••< 

••••••••••••••• 

••••••••••••••• 

#•••••••••••••• 

!•••••••••••••• 

!§••••••••••••• 

*•#•••••••••••» 

♦••••••••••*••! 

•#••••••••••••• 

<§#####••••••••*■ 

!8sk::::s::s:  ... 

rn;?**********1  **! 


I  No  matter  the  size  of  your  company,  we've  got  a  server  that  fits.  Dell  PowerEdge  servers  with  Windows®  2000 
Server  operating  system  have  many  amazing  "abilities":  scalability,  availability,  manageability  and  serviceability.  So  they 
grow  with  your  business,  minimize  downtime,  are  easy  to  integrate  and  even  easier  to  support.  No  matter  what  your 
business  needs  -  from  file/print  to  database  management  -  you  can  choose  the  server  with  Microsoft®  Windows®  2000 
Server  operating  system  that  is  right  for  you.  And,  by  dealing  direct  with  Dell,  you  get  a  system  customized  to  fit  your  business  needs,  at  an  affordable 
price,  backed  by  our  award-winning  service  and  support.  It's  a  nice  mix  of  exactly  the  server  you  need  with  exactly  the  operating  system  you  want. 

PC  Magazine  Editors'  Choice  Award 

Small  Business  Solutions 
-  April  2002 


Ask  about 


60 

same-as-cash 

for  qualified  customers30 


DAYS 


Dell  |  Small  Business 

PowerEdge™  1500SC  Server 

NEW  Simple  and  Strong  Tower  Server 

•  Intel®  Pentium®  III  Processor  at  1.13GHz 

•  Dual  Processor  Capable 

•  128MB  133MHz  ECC  SDRAM  (up  to  4GB) 

•  18GB5  (1  OK  RPM)  Hot-Swap  Ultra3  SCSI  Hard  Drive 

•  Embedded  Dual-Channel  Ultra3  SCSI  Controller 

•  Embedded  Intel®  PRO  Gigabit  NIC 

•  1-Yr  Next  Business  Day  On-Site  Service,3 1-Yr  Limited  Parts 
Warranty,2 1-Yr  24x7  Dedicated  Server  Phone  Tech  Support 

A  or  as  low  as$37/mo.,  46  payments.30  60 

days  same-as-cash  for  qualified  customers. 

IfcVW  E-VALUE  Code:  11516-290512 


Recommended  upgrades: 

•  NEW  PowerConnect”  2124* *  24-Port  Unmanaged  Switch 
with  Gigabit  Port,  add  $299 

•  System  Including  Small  Business  Server  2000  and 
Memory  Upgrade  to  256MB  is  $2699 


PowerEdge™  1650  Server 

NEW  Highly  Available  1U  Rack-Optimized  Server 

•  Intel®  Pentium®  III  Processor  at  1.13GHz 

•  Dual  Processor  Capable 

•  128MB  133MHz  ECC  SDRAM  (up  to  4GB) 

•  18GB5  (10K  RPM)  Hot-Swap  Ultra3  SCSI  Hard  Drive 

•  Dual  Embedded  Gigabit  NICs 

•  Hot-Swap,  Redundant  Cooling  Fans 

•  Optional  Embedded  Dual-Channel  RAID  Solution 

•  Optional  Redundant  Power  Supplies 

•  3-Yr  Next  Business  Day  On-Site  Service3 

or  as  low  as  $48/mo„  46  payments.30  60 
^  lf%Vlvl  days  same-as-cash  for  qualified  customers 

■  WWW  E-VALUE  Code:  11516-290516 


Recommended  upgrade: 

•  System  Including  Windows®  2000  Server  is  $2499 


PowerEdge™  2500  Server 

Robust  and  Scalable  Tower  Server 

•  Intel®  Pentium®  III  Processor  at  1.13GHz 

•  Dual  Processor  Capable 

•  128MB  133MHz  ECC  SDRAM  (up  to  6GB) 

•  18GB5  (10K  RPM)  Hot-Swap  Ultra3  SCSI  Hard  Drive 

•  Embedded  Dual-Channel  Ultra3  SCSI  Controller 

•  Embedded  Intel®  10/100  NIC 

•  Hot-Swap,  Redundant  Cooling  Fans 

•  Optional  Hot-Swap,  Redundant  Power  Supplies 

•  Optional  Embedded  Dual-Channel  RAID  Solution 

•  3-Yr  Next  Business  Day  On-Site  Service3 

or  as  low  as  $54/mo.,  46  payments?0  60 
^  |  x II VI  days  same-as-cash  for  qualified  customers. 

■  WWW  E-VALU  E  Code:  1 1 51 6-29051 8 


Recommended  upgrades: 

•  PowerConnect”  3024*  24-Port  Managed  Switch,  add  $699 

•  System  Including  Windows®  2000  Server  is  $2699 


PowerVault™  PV715N  Storage 

NEW  NAS  File  Sharing  Storage 

•  Offloads  Storage  Load  from  Desktops  and  Servers 

•  Snap  Shot  Capability  for  Backing  up  Stored  Data 

•  Intel®  Celeron®  Processor  at  900MHz 

•  256MB  SDRAM  (up  to  512MB) 

•  160GB  IDE  Hard  Drive  -  Four  40GB  Bays 

•  Dual  10/100  Ethernet  Ports 

•  SCSI  Port  for  Local  Backup 

•  Multi-Platform  Support  of  PC,  Unix,  Apple,  and  Novell 

•  Powered  by  Windows®  Operating  System 

•  1-Yr  Next  Business  Day  On-Site  Service,3  3-Yr  Limited  Parts 
Warranty?  Lifetime  24x7  Dedicated  Server  Phone  Tech  Support 

M  M  or  as  low  as  $51  /mo.,  46  payments.30  60 
#yy  days  same-as-cash  for  qualified  customers. 

I#  WW  E-VALUE  Code:  11 51 6-29051 7n 


pentium®/// 


Servers  for  any  size  business.  Easy  as 


D*LL 


Visit  www.dell.com/cio  or  call  toll  free  1-877-361-3355. 


Dell 


Call:  M-F  7a-8p  Sat  8a-5p  CT 

Pricing,  specifications,  availability  and  terms  of  offer  may  change  without  notice.  Taxes  and  shipping  charges  extra,  and  vary.  U.S.  Dell  Small  Business  (BSD  and 
BASD)  new  purchases  only.  Dell  cannot  be  held  responsible  for  errors  in  typography  or  photography. 


PCs  use  genuine  Microsoft®  Windows® 
www.microsoft.com/piracy/howtotell 


'This  device  has  not  been  approved  by  the  Federal  Communications  Commission  for  use  in  a  residential  environment.  This  device  is  not,  and  may  not  be,  offered 
for  sale  or  lease,  or  sold  or  leased  for  use  in  a  residential  environment  until  the  approval  of  the  FCC  has  been  obtained. 


•’For  a  copy  of  our  Guaiantees  or  Limited  Warranties,  write  Dell  USA  L.P,  Attn:  Warranties.  One  Dell  Way.  Round  Rock,  Texas  78682.  Service  may  be  provided  by 
third  party  Technician  will  be  dispatched,  if  necessary,  following  phone-based  troubleshooting.  To  receive  Next-Business-Day  service,  Dell  must  notify  service 
provider  before  5  pm  (depending  on  service  contract)  customer's  time.  Availability  varies.  -For  hard  drives,  GB  means  1  billion  bytes;  accessible  capacity  varies  with 
operating  environment,  '  Monthly  payment  is  based  on  a  48-month  12.99%  interest  rate  for  qualified  business  customers.  Your  interest  rate  and  monthly  payment 
may  be  same  or  higher,  depending  on  your  creditworthiness.  Minimum  transaction  size  of  $500  is  required.  Maximum  aggregate  financed  amounts  not  to  exceed 
$25,000.  Under  60  Days  Same-As-Cash  QuickLoan,  interest  accrues  during  first  60  days  after  the  Quickloan’s  Commencement  Date  (which  is  five  days  after  product 
ships)  if  balance  is  not  paid  within  these  60  days  STATED  INI  BREST  RATE  AND  60  DAYS  SAME-AS-CASH  QUICKLOAN  ARE  FOR  QUALIFIED  ONLINE  BUSINESS 
CUSTOMERS.  OFFER  VARIES  BY  CREDITWORTHINESS  Of  CUSTOMER  AS  DETERMINED  BY  LENDER.  Taxes,  fees  and  shipping  charges  are  extra  and  may  vary  Not 
valid  on  past  orders  or  financing.  QuickLoan  is  from  CIT  OnLme  Bank  to  Dell  Small  Business  (BSD)  online  customers  with  approved  credit.  Dell,  the  stylized  E  logo, 
E  Value,  PowerEdge,  PowerConnect  and  PowerVault  are  trademarks  of  Dell  Computer  Corporation.  Intel,  Intel  Inside  and  Pentium  are  trademarks  or  registered 
trademarks  of  Intel  Corporation  or  its  subsidiaries  in  the  United  Slates  and  other  countries  Microsoft  and  Windows  are  registered  trademarks  of  Microsoft 
Corporation  ©2002  Dell  Computer  Corporation  All  rights  reserved 


© 

USE  THE  POWER  OF 
THE  E-VALUE  CODE. 

Match  our  latest  technology 

with  our  latest  prices.  Enter  the 

VALUE 

E-VALUE  code  online  or  give  it 
to  your  sales  rep  over  the 
phone  www  dell  com/evalue 

when  Yahoo! 

wanted  to 

empower  busiNesses, 

they  chose  Novell. 


How  does  Yahoo!®  Enterprise  Solutions  make  portal  products  shine?  Yahoo!  puts  the  power  of  Novell®  eDirectory™  in  its 
enterprise  portal  solution.  With  it,  your  customers,  employees,  partners  and  suppliers  can  securely  access  the  information  they 
need  from  any  Web-enabled  device.  And  your  intranets,  extranets  and  the  Internet  can  work  as  one  Net.  The  result?  More 
productive  employees  and  lasting  relationships  with  partners  and  customers.  All  while  leveraging  existing  IT  resources  to 
increase  your  ROI.  To  learn  more  about  how  Novell  can  empower  your  business,  visit  www.novell.com/success/yahoo.htnil 

Novell 

the  power  to  chaNge 


<D  Copyright  2002  Novell,  Inc.  All  rights  reserved.  Novell  is  a  registered  trademark  and  the  power  to  change  and  eDirectory  are  trademarks  of  Novell,  Inc.,  in  the  United  States  and  other  countries. 
Yahoo!  is  a  registered  trademark  of  Yahoo!.  Inc. 


VOL.  15  •  NO.  16  •  JUNE  1,  2002 


Cover  Story 

SUPPLY  CHAIN  MANAGEMENT  I  68 

Drilling  for  Every 
Drop  of  Value 

When  ChevronTexaco  stopped  worrying  about  how  much  oil 
it  could  pump  and  started  worrying  about  how  much  its 
customers  wanted,  it  began  driving  cost  out  of  its  supply  chain, 
increasing  efficiency  and  transforming  its  business. 

By  Ben  Wortben 

COVER  PHOTO  BY  ANDY  FREEBERG 


1 

i 

I 


“We  acted  like  a  manu¬ 
facturing  company,  just 
trying  to  make  products, 
when  really  the  market 
was  customer-driven,” 
says  Louie  Ehrlich, 
ChevronTexaco  CIO  for 
global  downstream. 


Features 


SECURITY 

Dr.  Crime’s  Terminal  of  Doom  and  Other  Tales 
of  Betrayal,  Sabotage  and  Skullduggery  I  76 

Most  computer  attacks  come  from  the  outside.  But  the  costliest 
ones  come  from  the  inside.  Here’s  how  to  manage  the  risk  without 
making  honest  employees  feel  like  crooks.  By  Sarah  D.  Scalet 


When  planning  his  company's 
IT  strategy,  Arnie  Rind,  CIO  of 
Adecco's  North  American  opera¬ 
tions,  doesn't  forget  the  line  of 
business  workers.  “I  often  say 
that  we  in  corporate  say  we  know 
what’s  going  on  with  the  busi¬ 
ness,  but  the  people  in  the  field 
really  know."  84 


STRATEGIC  PLANNING 

Strategic  Planning  Don’ts  (and  Dos)  I  84 

As  you  write  your  company’s  next  IT  strategic  plan,  don’t  repeat 
these  classic  mistakes.  By  Derek  Slater 

CASE  FILES  I  VALUE  PROPOSITION 

Hard  Numbers  for  Hard  Choices  !  94 

When  it  comes  to  choosing  the  best  IT  option  for  improving 
efficiency  and  saving  money,  Koch  Industries  leaves  nothing 
to  guesswork.  By  Matt  Villano 

CRM 

The  Little  Banks  That  Could  I  102 

Faced  with  growing  competition  from  the  big  guys,  the  little  engines 
that  could — in  this  case,  small  and  midsize  banks — are  using  CRM 
to  make  it  over  the  mountain.  By  Stephanie  Overby 

MORE  ►►► 


THE  GOOD  NEWS  IS,  YOU  NOW  HAVE  MORE  VALUABLE 
INFORMATION  COMING  INTO  YOUR  BUSINESS  THAN  EVER  BEFORE. 

BUT  THEN,  THAT'S  ALSO  THE  BAD  NEWS. 


BrightStor™  Storage  Resource  Manager 

The  smart  alternative  to  managing  your  storage. 

You  never  thought  you  could  have  too  much  of  a  good  thing  when  it  came  to 
critical  business  information.  But  now  the  time  has  come.  That's  why  it's  more 
important  than  ever  to  have  the  right  software.  With  BrightStor  Storage  Resource 
Manager,  you  can  finally  get  a  firm  handle  on  all  your  assets.  BrightStor™  works 
across  multiple  platforms,  protocols,  and  applications,  so  you  can  tap  into 
information  throughout  your  enterprise,  wherever  it  may  be.  As  a  result,  you  can 
truly  leverage  your  resources,  making  them  work  for  you  like  never  before.  And  the 
downside?  There  isn't  one.  To  find  out  more,  go  to  ca.com/brightstor/srm  today. 


Computer  Associates™ 


HELLO  TOMORROW" 


WE  ARE  COMPUTER  ASSOCIATES 


THE  SOFTWARE  THAT  MANAGES  eBUSINESS;v 


©2002  Computer  Associates  International,  Inc.  (CA).  All  trademarks,  trade  names,  service  marks  and  logos  referenced  herein  belong  to  their  respective  companies. 


MARKETING 


... 

Keeping  content  separate  and  distinct 
has  historically  been  a  good  idea. 


Today,  it’s  an  open  invitation  to  chaos. 


!  VIGNETTE  Are  you  managing  content  or  managing  chaos?  Your  enterprise  coul< 

Content  Management  is  no  longer  an  elective  Web  strategy.  Vignett< 
and  many  others  unify  their  Web  strategy.  Find  out  how  Vignette  cai 


2  crippled  by  its  inability  to  manage  information  that’s  locked  in  silos  across  your  organization, 
is  helped  leaders  like  The  Wall  Street  Journal  Online,  J.D.  Edwards,  T.Rowe  Price,  Sun  Microsystems 
lip  your  business  initiative  by  requesting  the  “Best  Practices”  CD  at  www.vignette.com/cio/silos. 


Columns 

TOTAL  LEADERSHIP 

Time  to  Go  I  52 

Deciding  to  leave  a  company  can  be  one  of 
the  toughest  choices  a  leader  has  to  make. 
Here’s  how  to  do  it  right. 

By  Patricia  Wallington 

CXO  PERSPECTIVES 

Lessons  in  Shareholder  Value  I  58 

To  deliver  real  value  to  the  business,  CIOs 
must  make  all  investment  decisions  with 
the  company’s  long-term  goals  in  mind. 

By  Raghauan  Rajaji 

ASK  THE  EXPERT 

Courts  Say  It’s  OK:  Peep 
Away  !  132 

Ken  Segarnick  answers  readers’  questions 
about  the  legal  consequences  of  electronic 
monitoring. 

CAREER  COUNSEL 

Two-Stepping  to  a 
New  Political  Reality  I  136 

Mark  Polansky  answers  IT  career  questions 
and  offers  advice  to  CIOs  and  aspiring  IT 
managers. 

Sections 

TRENDLINES  I  36 

A  sucker  logs  on  every  minute;  Stress 
inducers  in  the  office;  Wiring  the  world. 
And  more 

ON  THE  MOVE  I  40 

CIOs  on  the  go — see  where  your  IT  peers 
are  working  now. 

BY  THE  NUMBERS  I  48 

Increase  profit  and  output — trade  online. 


CIO  OBSERVER  I  64 

Life  Among  the 
Seriously  Bored 

By  Jerry  Gregoire 

Why  do  CIOs  go  numb  or  go  crazy?  Why 
do  CIOs  change  jobs  so  often?  Because 
one-size-fits-all  IT  has  taken  all  the  fun  (and 
challenge)  out  of  the  job.  Don’t  fret, 
though.  There  are  alternatives. 


EMERGING  TECHNOLOGY  I  110 

Computer  forensics  can  help  companies 
uncover  the  digital  truth. 

By  Michael  Goldberg 

COOL  PRODUCT  1  114 

Candid  cameras  on  the  Internet. 

UNDER  DEVELOPMENT  I  116 

A  chip  converts  heat  into  electrical  power. 

COMPANIES  TO  WATCH  I  118 

CenterRun  targets  Web  app  management. 

PUNDITS  I  120 

Bud  Bates  asks,  Whatever  happened  to 
GSM  and  GPRS? 

OPINION  I  122 

RE: 

Companies  need  to  establish  a  new  executive- 
level  position:  the  chief  security  officer. 

By  Judy  B.  Homer 

Experience  has  shown  that  asking  What  if? 

is  the  best  way  to  guard  against  Why  me? 

By  Michael  Symmers 

REALITY  BYTES  I  126 

How  you  lay  people  off  says  a  lot  about 

you  and  your  organization. 

By  Megan  Santosus 


FROM  THE  PUBLISHER  I  130 

How  good  a  salesperson  are  you? 

By  Gary  Beach 

In  Every  Issue 

FROM  THE  EDITOR 

Customer  Focus  I  24 

Now  that  you  have  all  of  your  customers’ 
information,  what  do  you  do? 

By  Abbie  Lundberg 

INBOX  I  26 

Reader  feedback 

BOARD  OF  ADVISERS  !  33 

These  are  the  24  leaders  whom  CIO  uses 
as  a  sounding  board. 

INDEX  I  143 

EXECUTIVE  SUMMARY  I  144 

Abstracts  of  all  the  feature  stories  found 
in  this  issue. 


3G  Wireless  Works! 


Faster  deployment 

Your  choice  of  wireless  carrier  matters!  CDMA 
carriers  are  the  first  to  market  with  fully  standard¬ 
ized,  commercial  3G  networks  and  devices — 
long  before  other  wireless  carriers.  By  choosing 
a  CDMA  carrier,  you  can  leverage  the  real  and 
practical  advantages  of  3G  CDMA  today ,  and 
avoid  the  pitfalls  of  a  costly  and  complex  wireless 
network  and  device  migration  path. 

Faster  network  throughput 

Today’s  3G  CDMA  networks  provide  peak  rates 
up  to  144  kbps.  But  more  importantly,  they 
provide  real  throughputs  of  up  to  60-90  kbps, 
enabling  many  applications  that  were  never  before 
practical  over  a  wireless  wide  area  network  (WAN). 

More  device  choices 

With  our  industry-leading  chipset  and  software 
solutions,  QUALCOMM  is  enabling  the  rapid 
development  of  3G  devices  by  dozens  of  leading 
manufacturers  worldwide.  This  includes  PCMCIA 
cards  with  WAN  access  at  up  to  60-90  kbps 
for  enterprise  data  applications  such  as  e-mail, 
customer  relationship  management  and  sales 
force  automation.  Phones  and  PDAs  with  low- 
latency  browsing,  color  displays,  and  increased 
capabilities  for  position  location  and  enhanced 
wireless  multimedia  are  also  commercially  available. 
(See  www.3Gtoday.com  for  more  details.) 

Faster  development 

QUALCOMM  has  created  an  open  applications 
platform  called  the  Binary  Runtime  Environment 
for  Wireless™  (BREW™)  that  supports  native  C/C++ 
and  Java™  applications,  enabling  developers  to 
extend  enterprise  applications  quickly  and  easily. 
BREW  also  lets  you  download  and  update  applica¬ 
tions  directly  to  the  user’s  device  for  better  software 
management  and  control. 

Faster  decisions 

Our  mobility  experts  at  Wireless  Knowledge  deliver 
strategic  mobility  solutions  that  leverage  existing 
investments  while  harnessing  the  technical  and 
competitive  advantages  provided  by  today’s  3G 
wireless  technologies.  By  extending  critical  corpo¬ 
rate  applications  to  mobile  devices,  business 
professionals  are  empowered  to  make  informed, 
financially  justified  decisions  to  drive  their  business. 

Faster  ROI 

From  improved  productivity  and  responsiveness 
to  better  logistics  and  customer  relationship 
management,  the  benefits  of  corporate  data 
mobility  are  more  compelling  now  than  ever.  Visit 

www.qualcomm.com/enterprise  to  learn  more. 


As  president  of  QUALCOMM'S  wireless  &  internet  Group, 
Dr.  Paul  Jacobs  has  a  unique  perspective  on  third-generation 
(3G)  networks,  devices  and  applications.  How  will  3G  drive 
new  advances  in  enterprise  mobility? 


Qualco/ww 


wmeless  knowledge 


O  2002  QUALCOMM  Incorporated.  All  rights  reserved.  Binary  Runtime  Environment  for  Wireless  and  BREW  are  trademarks  of  QUALCOMM  Incorporated 
Java  is  a  trademark  of  Sun  Microsystems,  Inc.  All  other  trademarks  are  property  of  their  respective  owners. 


CREATE 

NEW  SERVICES 


DEPLOY 

SERVICES 


IDENTITY 
AND  SECURITY 


Mm-  •  Jm 


:  ^'^*nasag»sa^a88MBgBS 


Iltt# 


The  fastest  road 
to  Web  services. 


On  the  road  to  Web  services, 

the  only  way  to 
keep  your  freedom 
is  by  sticking 
to  the  open  road. 


TO”«^,YTilriivr»fif  r  r*m»i  ;  .  - 

V 7  .  '  V-  •**..  ■  •  .  * 

"',XJ02  Sun  M«(  rosvstems,  Inc.  All  rights  reserved.  Sun.  Sun  Microsystems,  the  Sun  loqo.  Sol ’ms,  |.iv.i,  |?ll  and  Hie  l.iv.i  coffee  nip  logo  .ire  trademarks  or  registered  trademarks  of  Sun  Mictosyslems,  Inc .  in  Hu*  United  Stales  .mil  other  countries.  All  olhei  iiadrnnnks.tte  the  property  of  their  rrspn  live  ownn 


♦5m« 

microsystems 

We  make  the  net  work. 


SunONE 

Open  Net  Environment 


Reports  from  the  road:  MLB®  Advanced  Media. 

Sun  empowers  Major  League  Baseball®  Advanced 
Media  to  deliver  dynamic  Web  site  content  with 
the  Sun  ONE  Application  Server  to  over  40  million 
fans,  while  the  Sun  ONE  Directory  Server  keeps  visitor 
registration  information  safe. 

Sun’s  partner  for  the  ride:  EDS. 

Sun  provides  on-site  support  to  EDS  consulting  teams, 
so  they  can  provide  faster,  more  direct  service  to 
their  customers  implementing  enterprise-level  portal, 
wireless  and  Web  services  projects. 


Make  the  net  work.  With  Sun™ ONE, 
the  wide-open  comprehensive  software 
platform  for  Web  services. 

Once  you’ve  started  down  the  road  to  Web 
services,  you  need  to  move  fast,  stay  flexible 
and  take  advantage  of  business  opportunities 
whereveryou  find  them. That’s  where  Sun'"ONE 
comes  in.  Sun  ONE  is  a  complete  software  archi¬ 
tecture  that  enables  you  to  create,  develop 
and  deploy  the  kind  of  innovative  “Services 
on  Demand”  that  build  customer  loyalty  and 


quickly  improve  your  business.  Sun  ONE  is 
backed  by  a  power  trio  of  award-winning 
products  (Sun  ONE  infrastructure  software,  the 
Solaris™  Operating  Environment  and  Sun  ONE 
Developer  Tools  for  Java”)  and  is  built  on  open 
Web  standards  such  as  XML,  LDAP  and  the  Java 
universal  development  platform.  And  since  it 
is  designed  from  the  ground  up  to  integrate 
with  your  existing  IT  environment  and  the 
products  you  are  already  using,  control  remains 
firmly  in  your  hands. 


REGISTER  TODAY 

for  our  exclusive  Web  seminar  on  the 
importance  of  open  standards  in  Web  services. 
www.sun.com/stayopen 


Make  the  net  work  with  Web  services 
that  can  transform  your  business: 

Transformative  change  begins 
with  |ava  *  technology. 

At  the  enterprise  level,  lava’*  technology  and  XML  mean 
interoperability.  Sun'*  ONE  capitalizes  on  seven  years  of 
)ava  leadership  to  provide  a  platform  for  Web  services 
that  leverages  your  existing  systems.  And  since  78% 
of  developers  view  |2EE“  server  software  as  the  most 
effective  platform  for  building  and  deploying  Web  services, 
you  can  be  sure  Sun  ONE  will  get  you  started  down  the 
road  in  the  right  direction. 

The  Solaris'*  Operating  Environment  lets  you  deploy 
services  on  an  enterprise-class  platform. 

Make  sure  your  services  are  always  available  for  your 
customers,  with  the  rock-solid  Solaris'"  Operating 
Environment.  You’ll  be  in  good  company  — after  all, 
many  of  the  largest  Internet  businesses  already  run  on 
it.  Solaris  OE  is  the  foundation  of  Sun  ONE  and  provides 
a  highly  reliable  application  platform  for  any  kind  of 
service.  That’s  what  we  call  "Services  on  Demand.” 


Sun  ONE  infrastructure  software 
delivers  services  today. 

Sun  ONE  Directory  Server  already  enables  60%  of  the 
Fortune  100  to  conduct  business  on  the  Web  quickly 
and  securely.  And  Sun  ONE  Developer  Tools  for  lava 
were  judged  Best  Java  IDE  by  JavaWorld.  They  both 
work  seamlessly  with  Sun  ONE  Application  Server  and 
Sun  ONE  Portal  Server  to  let  you  deliver  services  that 
quickly  scale  across  multiple  platforms.  The  faster  you 
get  your  Web  services  to  market,  the  greater  the  busi¬ 
ness  opportunity.  There’s  no  speed  limit  on  this  road. 

Sun  ONE  Consulting  can  start  you  down 
the  road  to  Web  services  right  now. 

Sun  ONE  Consulting  lets  you  reduce  the  time,  cost  and 
risk  of  transforming  your  business  with  Web  services. 
Sun  ONE  Consulting  can  help  you  with  every  phase  of 
developing  and  deploying  innovative  services,  giving 
you  the  kinds  of  sustained  business  advantages  you 
would  expect  from  a  business  innovator  like  Sun. 


Systems  Integrators: 

\ 

Sun  teams  with  some  of  the  best  systems  integrators  in  the  business,  so  you’ll  have  the  expertise  you  need  to  begin 
developing  “Services  on  Demand”  on  the  Sun  ONE  platform  today: 

°  Cap  Gemini  Ernst  &  Young  °  EDS 

°  Computer  Sciences  Corporation  °  KPMG  Consulting,  Inc. 

°  Deloitte  Consulting  °  Science  Applications  International  Corporation 


DEPLOY  SERVICES 
•  Solaris  Operating  Environment 

The  fastest  road  to  deploying 
I  Java  and  XML-based  services 
quickly  and  reliably. 


The  road  to 
Web  services 
begins  with 
Sun  ONE. 


N*  -  ■■  ft 

I  ! 

S5,: 

CREATE  NEW  SERVICES 

•  Sun  ONE  Developer  Tools 

•  Sun  ONE  Application  Server 

•  Sun  ONE  Integration  Server 

The  fastest  road  to  maximizing 
productivity  and  the  speed  of 
development. 


DELIVER 

•  Sun  ONE  Portal  Serv8r 

•  Sun  ONE  Messaging  Server 
•Sun  ONE  Calendar  Server 

T/" /  kV* \ -  ■  7 '>TT-V‘ 

The  fastest  road  to  providing 
prepackaged  and 
custom-developed 
services. 


IDENTITY  AND  SECURITY 

•  Sun  ONE  Directory  Server 

•  Sun  ONE  Identity  Server 

The  fastest  road  to  leveraging  and 
protecting  your  corporate  assets. 


NEED  DIRECTIONS? 
REGISTER  TODAY 

for  our  exclusive 
Web  seminar  on  the 
importance  of 
open  standards  in 
Web  services. 
www.sun.com/stayopen 


Companies 
already  on  the  road 
with  Sun™ ONE: 

Life  Time  Fitness 

The  Sun  ONE  architecture  has  enabled 
Life  Time  Fitness  to  store  account  and 
payment  data  for  thousands  of  members 
in  order  for  employees  and  customers 
to  conduct  millions  of  transactions  over 
the  Life  Time  Fitness  network. 


&Sun 

microsystems 

We  make  the  net  work. 


ASK  THE  SOURCE 

How  can  you  deal  with  threats 
inside  your  company? 


Special  Budgeting  Section 

The  CIO  Fiscal  2003  Toolkit 

Read  the  latest  CIO  spending  surveys.  Find  out 
how  much  CIOs  plan  to  spend  on  what,  and  when 
they  plan  to  spend  it.  Learn  how  to  sell  your 
budget  to  your  CFO.  Get  CIOs'  best  practices  for 
prioritizing  and  quantifying  budget  plans. 

Find  the  numbers  you  need  to  plan  your  numbers 
at  www.cio.com/0602/budgets. 


Patrick  Gray  of  Internet  Security  Systems  is  an  ex-FBI 
agent  who  deems  damage  by  insiders  as  an  “incredibly 
fast-growing  problem”  (see  Dr.  Crime’s  Terminal  of 
Doom  and  Other  Tales  of  Betrayal,  Sabotage  and 
Skullduggery,  Page  76).  For  the  next  two  weeks,  you 
can  question  him  about  how  to  address  your  own 
insiderthreats. 


CIO  READER  POLL 


Our  Daily  Web 

Monday  Tech  Tact  Technology 
Editor  Christopher  Lindquist 
covers  what’s  coming. 

Tuesday  Quick  Poll  Read  what 
CIOs  think  about  current  IT  issues. 


Wednesday  Metrics  Web  Writer 
Jon  Surmacz  makes  sense  of  the 
numbers. 

Thursday  Sound  Off  Web 

Editorial  Director  Art  Jahnke 
opines  on  ethical  dilemmas. 


Friday  The  Big  Picture  Charts  and  graphs 
worth  1,000  words. 


Peer  Resources:  The  Darwinmag 
Connection 


To  whom  should  the  CSO  report? 

Our  Re:  columnist  (The  CSO:  A  Must-Hire,  Page  122)  believes  it 
is  in  the  company’s  best  interest  to  have  the  chief  security  officer 
perceived  as  an  impartial  assessor  of  the  technology  environ¬ 
ment  who  should  report  to  the  COO  or  CEO.  What  do  you  think? 

TALK  BACK 

What  are  your  strategic  planning  secrets? 

Strategic  Planning  Don’ts  (and  Dos),  Page  84,  outlines  five 
common  errors  in  the  IT  strategic-planning  process— and  how  to 
avoid  them.  How  have  you  dodged  sweating  the  details  (error 
number  3)  or  bronzing  the  plan  (error  number  5)? 

Find  links  to  the  stories  mentioned  above  in  the  Web  Connections  box  at 

www.cio.com. 


E-mail  your  nontechnology  colleagues  the 
following  stories  from  CIO’s  online  sister  publi¬ 
cation,  Darwinmag.com. 

CIO’s  Drilling  for  Every  Drop  of  Value  (Page 
68)  covers  ChevronTexaco’s  successful  use  of 
consumer  demand  data.  Darwinmag. corn’s 
Making  Use  of  All  That  Data  describes  how  to 
mine  point-of-sale  customer  data. 

CIO’s  The  Little  Banks  That  Could  (Page 
102)  looks  at  CRM  initiatives  in  regional  banking. 
Darwinmag. corn's  What  Is  CRM?  covers  the 
basics,  from  goals  to  benchmarks. 

Find  these  articles  on  www.darwinmag.com 
or  go  to  www.cio.com/printlinks. 


www.cio.com 


JUNE  1.  2002  CIO  15 


WebSphere. 


software 


WEBSPHERE. 

OUR  CHEERLEADERS 
WEAR  SUITS. 


The  biggest  WebSphere  software  fans  aren’t  just  the  analysts  or  critics.  They’re  the  people  who 
actually  use  it.  According  to  a  recent  survey  more  CIOs  plan  to  standardize  on  WebSphere 
than  any  other  infrastructure  software.  WebSphere.  Part  of  our  winning  software  team,  along 
with  DB2f  Lotus®  and  Tivoli®  Get  tips  from  our  playbook  at  ibm.com/websphere/fans 


(©  business  is  the  game.  Play  to  win: 


Lotus,  software 


WINNING  TAKES  MORE 
THAN  TEAM  CHEMISTRY. 

IT  TAKES  TEAM  SOFTWARE. 


Team  communication  is  everything.  Lotus  collaboration  software,  with  online  meeting 
spaces  and  secure  corporate  instant  messaging,  makes  communication  instant,  so 
every  project  goes  down  in  the  “win”  column.  Lotus.  Part  of  our  winning  software  team, 
along  with  DB2®  Tivoli®  and  WebSphere®  Check  out  our  Webcast  at  ibm.com/lotus/team 


Am 


MB 


BBBBBBBBBBBBBBMBBBBBH 


2.  ® 


*  s 

Z3  — 

0)  CD 


§  9 

c n  3 

0  §' 
(A  P 

z* 
0  2. 
O  CQ 

g-  =r 
u'  ca 
0 

(/>  0 
O  0 

°  1 

■§  a 

I  55 
§  -S 
=  g 

3-M 

0  f“ 

it 


w  e. 
£< 
«i 
If 

O'  © 
“*  0 
o 

=T  o- 
0  © 
”*  0 


u 

5-  © 

0  (A 
(A  in 


(e)  business  is  the  game.  Play  to  win. 


DB2  ROCKS  WHEN 
IT  COMES  TO  UNIX 
LINUX.  WINDOWS 
AND  CHECKBOOKS 


Benchmarks  prove  it  Customers  swear  by  it.  DB2  is  a  better  distributed  database  than  Oracle.  Not  to  mention 
more  manageable  and  more  affordable.  And  because  it  can  work  across  any  platform,  it’s  the  perfect 
database  for  companies  large,  small,  and  growing.  DB2.  Part  of  our  winning  software  team,  along  with 
Lotusf  Tivoli®  and  WebSphere®  Check  out  the  benchmarks  and  get  a  free  TOO  report  at  ibm.com/db2/rocks 


(©, business  is  the  game.  Play  to  win." 


Tivoli 


software 


e-business.  It’s  the  only  game  in  town.  And  downtime  means  losing  profits  and  opportunities,  so  you 
can’t  let  it  happen.  IBM  Tivoli  software  lets  you  predict  the  business  impact  of  the  technology  you’re 
responsible  for,  so  that  you  can  make  smarter  decisions  today.  Tivoli.  Part  of  our  winning  software  team, 
along  with  DB2!  Lotus®  and  WebSphere!  To  find  out  more  view  our  Webcast  at  ibm.com/tivoli/smarter 


%  \  *•%.  *  .  ,  : 


IBM.  DB2.  Lotus,  Tivoli,  WebSphere,  the  e-business  logo  and  e-business  is  the  game.  Play  to  win  are 
of  International  Business  Machines  Corporation  in  the  United  States  and/or  other  countries.  ©2002 


From  the  Editor 

lundberg@cio.com 


Visit  our  Customer 


Relationship  Management 
Research  Center  at 

www.  c/o.  com/crm . 


Customer  Focus 


IF  YOU  HAVE  CUSTOMERS,  you  probably  spend 
a  lot  of  time  thinking  about  how  you  can  under¬ 
stand  them  better.  You  do  that  so  you  can  sell  more 
products  to  existing  customers  and  attract  new  ones; 
you  do  it  to  increase  the  efficiency  of  your  opera¬ 
tions  so  you  can  keep  more  of  the  money  you  get 
from  customers,  or  so  you  can  do  more  with  less. 

What  you  do  with  the  information  you  glean, 
and  the  impact  that  has  on  your  operations, 
depends  on  the  type  of  business  you’re  in. 

Five  years  ago,  oil  giant  Chevron  became  so  con¬ 
fident  in  the  reliability  of  its  demand  data  that  it 
began  to  use  it  and  it  alone  to  determine  how  much 
oil  it  would  refine.  In  the  first  year  it  switched  from 
supply-driven  to  demand-driven  data,  Chevron’s 
downstream  (customer-oriented)  profits  jumped 
from  $290  million  to  $662  million  on  the  same 
refining  capacity  and  number  of  retail  stores. 

By  having  access  to  detailed  customer  data  and 
being  able  to  analyze  it  in  new  ways,  one  of  the 
world’s  largest  companies  changed  how  it  thought 
about  its  business.  Before  the  shift,  says  CIO  of 
Global  Downstream  Louie  Ehrlich  in  “Drilling  for 
Every  Drop  of  Value”  (Page  68),  “we  acted  like  a 
manufacturing  company,  just  trying  to  make  prod¬ 
ucts,  when  really  the  market  was  customer-driven.” 

Union  National  Community  Bank  (UNCB)  had 


a  different  type  of  epiphany  when  it  turned  to 
CRM  to  fend  off  big-bank  competition.  It  realized 
that  being  smaller  didn’t  necessarily  mean  being 
closer  to  the  customer,  especially  with  the  kinds  of 
databases  and  analy  sis  tools  being  used  by  its  larger 
competitors,  which  typically  offered  a  broader 
range  of  products  and  services. 

Unlike  Chevron,  though,  UNCB’s  embrace  of 
customer  data  didn’t  change  its  business  model;  it 
reinforced  it.  The  bank  now  had  the  wherewithal 
to  target  the  right  products  to  the  right  customers 
and  to  align  critical  processes  around  them.  One 
major  assumption  changed:  “In  community  bank¬ 
ing,  the  thinking  has  always  been  that  all  customers 
are  created  equal,  and  that’s  absolutely  not  true,” 
says  COO  Michael  Frey,  in  the  story  on  Page  102. 
UNCB  increased  its  level  of  services  to  the  cus¬ 
tomers  that  matter  most  and  its  profitability  too. 

So  how  do  CIOs  figure  out  what  a  customer 
focus  means  to  their  business  and  the  impact  it  will 
have  on  their  organization?  By  participating  proac¬ 
tively  in  formulating  the  company’s  strategic  busi¬ 
ness  plan.  Executive  Editor  Derek  Slater  outlines 
the  dos  and  don’ts  of  strategic  planning  on  Page  84. 

If  you’re  not  spending  a  lot  of  time  trying  to 
understand  your  customers  better,  you  probably 
won’t  have  them  for  long. 


2002  •  www.cio.com 


2  4  CIO  JUNE  1 


PHOTO  BY  JASON  GROW/SABA 


Snap-on  has  the  best  tools 
for  diagnosing,  aligning,  and 
tightening  pretty  much  anything. 

Like  say,  their  productivity. 


InBox 

Reader  Feedback 


ASSESS  THE  LEGACY 

You  have  written  a  lot  of  rubbish  [in  “Now  Is  the  Time  to  Pull  the  Plug  on 
Your  Legacy  Apps,”  March  15, 2002].  You  make  it  sound  as  if  dollars  are 
the  only  factor  when  they  are  not.  You  make  it  sound  like  old  machines 
should  be  dumped  when  that  is  also  not  necessarily  true. 

The  issue  is  simple— can  a  similar  or  better  service  be  provided  in  a  more 
cost-effective  fashion  and  with  acceptable  implications  for  the  business? 

What  are  the  implications?  Just  a  few  minor  things,  like  system  security, 
availability  of  support,  availability  of  knowledge,  the  estimated  business  gains. 

Each  of  those  will  have  its  own  priority— for  example,  there  is  no  point  moving  to 
a  simple  Web  solution  if  the  security  of  your  data  will  be  compromised. 

The  situation  is  far  less  cut-and-dried  than  you  make  it  out  to  be.  You  would 
have  better  credibility  if  you  suggested  the  issues  to  consider  rather  than 
making  blanket  statements. 

John  McLean  •  Director  •  Applied  Logic  •  Melbourne,  Australia  •  mcleanj@swissonline.cb 


SECURE  THE  ENTERPRISE 

I  read  with  interest  your  article  “How 
to  Plan  for  the  Inevitable,”  by  Sarah  D. 
Scalet,  in  the  March  15,  2002,  issue. 
Scalet’s  article  examines  the  issue  of 
responding  to  cyberattacks  and  lists  the 
technologies,  processes  and  strategies 
for  developing  an  effective  incident 
response  plan.  I  was  both  impressed 
with  the  depth  of  understanding  behind 
her  incident  planning  methodology  and 
surprised  at  the  omission  of  one  key 
solution  that  could  literally  solve  the 
problem  she  addresses — a  new  breed 
of  enterprise  security  management  solu¬ 
tions  coming  to  market. 

Until  recently,  a  primary  problem  of 
these  so-called  security  event  monitor¬ 
ing  systems  was  that  they  could  not 
cross-correlate  data  from  multiple  secu¬ 
rity  tools  and  devices  such  as  firewalls, 
intrusion  detection,  antivirus,  and 
authentication  and  encryption  from 
multiple  vendors.  However,  in  the  past 
two  years,  technology  advances,  such 
as  Cyber  Wolf  in  the  government  mar¬ 
ket,  have  enabled  a  new  breed  of  enter¬ 


prise  management  solutions  that  can 
automate  the  analysis  of  security  events 
and  alerts  in  multisensor,  multivendor 
environments — and  do  it  in  real-time. 

This  next  generation  of  security  man¬ 
agement  solutions  also  features  the  abil¬ 
ity  to  intelligently  recognize  groups  of 
events  and  alerts  that  may  signify  a  pat¬ 
tern  of  attack.  Because  of  the  automated 
nature  and  the  ability  to  refine  event 
analysis  from  the  millions  down  to  a 
handful  of  security  incidents,  organiza¬ 
tions  are  able  to  more  quickly  identify 
and  respond  to  threats  to  the  enterprise. 

Jim  Litchko 
President 
Litchko  &  Associates 
Kensington,  Md. 
jim@litchko.com 

IT’S  THE  SAME  OLD  SONG 

Preston  Gralla’s  article  “RoboBoss”  in 
the  March  15,  2002,  issue  was  a  great 
summary  of  the  pitfalls  in  software- 
driven  process  reengineering.  It  is  sad 
that  this  story  still  has  to  be  told,  when 
business  process  reengineering  has  been 


a  fact  of  life  for  a  decade,  and  the  Inter¬ 
net-enabling  tools  are  almost  as  old. 

The  tools  have  to  help  managers  and 
employees  do  tasks  that  they  accept  and 
that  ideally  they  have  helped  design. 
The  systems  have  to  be  the  servants  of 
the  process  owners  and  workflow 
doers.  The  ideal  is  to  alleviate  drudgery, 
repetition  and  ugly  interfaces,  and 
exploit  the  results  for  the  benefit  of 
employees,  the  business  and  customers. 
You  do  that  by  leveraging  single  sourced 
data  and  Web  interfaces  to  provide  indi¬ 
vidual  views,  and  improve  cycle  time, 
accuracy  and  information  quality  all  at 
once.  But  you  cannot  do  it  top-down. 
People  react  even  more  positively  to 
concern  for  their  working  environment 
than  they  do  to  actual  improvements. 

Andrew  Southern 
CEO 
Spiralinks 
Los  Gatos,  Calif. 
azs@spl.com 


WHAT  DO  YOU  THINK? 

Send  your  thoughts  and  feedback 
to  letters@cio.com.  Letters  may  be 
edited  for  length  or  clarity. 


2  6 


CIO  JUNE  1,  2002  •  www.cio.com 


“TRENDS  IN  LARGE  DATA  CENTERS 
CANDID  INTERVIEWS 
WITH  300  TOP  IT  EXECUTIVES.” 


Contact  us  for  your  free  copy  of 


w  w  w.  We  H  a  ve  T  h  e  Way  O  u  t .  c  o  m 
info@WeHaveTheWayOut.com 
Toll-free:  800-548-3443 


Microsoft *  Unisys 


o  wonder  UNIX  makes  you  feel  boxed  in.  It  ties 
to  an  inflexible  system.  It  requires  you  to  pay  for 
ensive  experts.  It  makes  you  struggle  daily  with  a 
server  environment  that’s  more  complex  than  ever. 

Now  for  the  solution.  Microsoft  and  Unisys  have 
joined  together  to  offer  you  a  UNIX  alternative. 


By  teaming  the  Unisys  ES7000  server  with  the 
Microsoft*  Windows®  2000  Datacenter  operating  system, 
we’re  bringing  a  high  performance  server  solution  to  the 
enterprise  market.  A  solution  that  provides  the  flexibility 
and  agility  you  need  in  today’s  web-driven  world. 
Without  sacrificing  any  of  the  reliability  and  scalability 
you  demand. 

So,  if  your  server  environment  has  closed  you  in, 
let  us  help  you  escape.  Microsoft  and  Unisys. Two  smart 
companies,  one  brilliant  solution. 

Learn  more  about  how  the  ES7000  and  Windows 
2000  Datacenter  can  simplify  your  server  environment. 


J ’  " 

■imkf. 


w . 

m 

'f 


V 


.•®$>  . 

.  r.  ■  ■  - 


'.  ■  V.'; 


■m 

■  tel'.: 

■.'fST '*S‘- 


Seven  new  models 
from  17"  to  22 !' 

Each  delivers  brilliant 
performance  and  value 
in  your  choice  of  black 
or  white  cabinet  styles. 


SuperBright™  makes 

NaViSet™  offers  a 

Compact,  light, 

\ 

Up  to  21%  less 

images  come  alive. 

new  level  of  control. 

even  more  adaptable. 

power  use. 

Instantly  doubles 

Advanced  software 

All-new  ergonomic 

Most  models  offer 

brightness  for  intense 

enhances  user  control 

design  trims  weight  and 

substantial  energy 

video,  graphics  and 

and  enables  remote 

reduces  footprint  for  a 

savings  for  a  lower 

multimedia  applications. 

adjustment  over  LANs. 

better  fit  everywhere. 

total  cost  of  ownership. 

Introducing  CRT  monitors  as 

brilliant  as  your  ideas. 


With  SuperBright™  Diamondtron®,  an  all-new  design  and  even  more  lifetime  value,  our  MultiSync® 

FE™  Series  just  might  change  what  you  know  about  CRTs.  These  all-new  monitors  are  full  of  dazzling 
innovations.  For  example,  the  SuperBright  technology  in  the  MultiSync  FE77iSB,  FE79iSB,  FEg9iSB  and  FE2inSB 
models  doubles  your  brightness  for  intense  video,  multimedia  and  graphics  applications.  New  industry- 
standard  sRGB  color  matching  gives  truer  tones  in  web  applications.  And  NaViSet™  control  software  puts 
a  virtual  control  panel  on  your  desktop  for  precise  adjustment  via  mouse  and  keyboard. 


Learn  more  atwww.necmitsubishi.com/FE 
or  call  888-N  EC-MITS. 


The  new  MultiSync  FE  Series. 

A  bright  investment  in  intelligent  design. 


The  FE  Series  also  offers  extreme  reliability,  easy  deployment  and  low  total  cost  of  ownership.  Power 
use  has  been  reduced  by  as  much  as  21%,  lowering  electricity  costs.  Plus  we’ve  trimmed  pounds  and 
inches  for  a  lighter,  more  ergonomic  form  factor.  Besides  freeing  up  desk  space, 
the  FE  Series  also  frees  up  your  support  staff,  with  patented 
self-diagnostics  and  intelligent  network  control  capability.  Add 
NEC’s  extensive  service  and  support,  and  the  new  choice  in  CRT 
monitors  is  clear. 


SEE  mOQE? 


MultiSync  is  a  registered  trademark,  and  FE,  NaViSet  and  SuperBright  are  trademarks 
of  NEC-Mitsubishi  Electronics  Display  of  America,  Inc.  Diamondtron  is  a  registered 
trademark  of  Mitsubishi  Electric. 

©2002  NEC-Mitsubishi  Electronics  Display  of  America,  Inc. 

All  rights  reserved.  Simulated  images  in  monitors. 


NEC /MITSUBISHI 

NEC-MITSUBISHI  ELECTRONICS  DISPLAY 


The  Magazine  for  Information  Executives 


President  &  CEO  Joseph  L  Levy 
Publisher  Gary  J.  Beach 
Editorial  Director  Lew  McCreary 

EDITORIAL 

Editor  in  Chief  Abbie  Lundberg 
Deputy  Editor  Richard  Pastore 
Managing  Editor  David  Rosenbaum 
Managing  Editor,  Production  Cheryl  R.  Asselin 

Executive  Editors  Michael  Goldberg,  Christopher  Koch 
(Investigations),  Derek  Slater 

Leadership  and  Management  Editor  Edward  Prewitt, 
Opinion  and  Knowledge  Management  Editor  Megan 
Santosus,  Research  Editor  Lorraine  Cosgrove  Ware, 
Special  Projects  Editor  Mindy  Blodgett,  Technology 
Editor  Christopher  Lindquist 

Senior  Editors  Alison  Bass  (CRM),  Todd  Datz,  Alice 
Dragoon,  Sari  Kalin,  Elana  Varon  (B2B  E-Commerce) 

Features  Editor  Late  Low 

Senior  Writers  Scott  Berinato  (Security  and  Vendor 
Management),  Meridith  Levinson  (B2C  E-Commerce), 
Stephanie  Overby,  Susannah  Patton  (B2C  E- 
Commerce),  Sarah  D.  Scalet  (Security  and  Privacy) 

Staff  Writers  Simone  Kaplan,  Ben  Worthen 
Copy  Chief  Tom  Wailgum 

Asst.  Managing  Editor,  Production  Kathleen  S.  Carr 

Copy  Editors  Kelli  A.  Gauthier  (Assoc,), 

Emily  S.  Henderson,  Sarah  Johnson  (Assoc.) 

Research  Manager  Lynne  Z,  Rigolini 
Editorial  Resource  Manager  Carol  Zarrow 
Editorial  Assistants  Daniel  J.  Horgan,  Joe  Sullivan 
Special  Projects  Specialist  Cristina  Sousa 
Consulting  Editor  Janice  Brand 
Editor  at  Large  Jerry  Gregoire 

Contributors  Bud  Bates,  John  Edwards,  Judy  B.  Homer, 
Mark  Polansky,  Raghavan  Rajaji,  Ken  Segarnick, 

Michael  Symmers,  Matt  Viliano,  Patricia  Wallington 


How  to  Reach  Us 

E-mail  tetters@cio.com 
Phone  508  872-0080 
Fax  508  879-7784 

Address  CIO  Magazine,  CXO  Media  Inc., 

492  Old  Connecticut  Path,  P.O.  Box  9208, 

Framingham,  MA  01701-9208 

Website  www.cio.com 

Topic  Experts  www.cio.com/oniine_beats2.htmi 

Subscriber  Services  800  788-4605,  Fax  508  879-7899, 
E-mail  denisep@cio.com 

Rights  and  Permission  Andrew  Burrell  •  508  935-4785, 
E-mail  aburreii@cxo.com 


Editorial  Operations  Specialist  Julie  Hanson 

DESIGN 

Executive  Director,  Art  and  Design  Mary  Lester 

Art  Directors  Hana  Barker,  Terri  Haas,  Lisa  Munroe 

Associate  Art  Director  Owen  Edwards 

Senior  Designers  George  Lee,  Chandra  Tallman 

Designer  Kajaal  S.  Asher 

Associate  Designer  Alberto  Capolino 

Design  Group  Assistant  Rachel  Barnett 

WEBSITE 

Senior  VP/General  Manager,  Online  Tim  Horgan 

Web  Editorial  Director  Art  Jahnke 

Executive  Web  Editor  Martha  Heller 

Web  Editor  Sandy  Kendall 

Web  Writer  Jon  Surmacz 

Online  Technology  Director  Dagmar  Eiben 

Senior  Web  Developer  Ellen  Morey 

Online  Research  Manager  Kathleen  Kotwica 

Audience  Development  Manager  Andrew  Burrell 

Web  Developers  Diane  Chen,  Shannon  Macdonald 

Online  Content  Researcher  Tara  Gillet-Liloia 

Designer  Graham  White 

CIRCULATION 

Senior  VP/Circulation  Carol  A.  Spach 
Subscription  Svcs.  Manager  Denise  Perreault 
Subscription  Svcs.  Supervisor  Tina  Pescaro 

PRODUCTION 

VP/Manufacturing  Chris  Cuoco 
Production  Manager  Lee  Tuttle 
Ad  Production  Coordinator  Lisa  Stevenson 

EXECUTIVE  PROGRAMS 

VP  and  General  Manager  Ronald  L.  Milton 
VP,  Event  Marketing  Cynthia  Moiius 
Director,  Marketing  Services  Shellie  Rapson  James 
Manager,  Program  Operations  Brian  Fuce 
Manager,  Procurement/Tech.  Planning  Cynthia  Laird 
Manager,  Program  Development  Sherry  Keyies 
Event  Development  Specialist  Sandra  J.  Hughey 

Program  Applications  Specialists  Heather  Beauton 
(Senior),  Leah  Graves  (Assoc.) 

Senior  Program  Marketing  Specialist  Karen  Peabody 
Operations  Coordinator  Michael  Barbato 
Fulfillment  Services  Coordinator  Andrea  Harney 
Manager,  Event  Planning  Amy  Sanderson 


MARKETING 

Executive  VP/Marketing  Cathy  O'Leary  Hayes 
VP/News  and  Information  Susan  Watson 
Media  Relations  Manager  Karen  Fogerty 
News  and  Information  Assistant  Lori  Piscatelli 
Marketing  Research  Director  Bridget  Cammarata 
Marketing  Research  Manager  Carolyn  Johnson 
Sr,  Marketing  Research  Analyst  Dylan  DiGregorio 
Marketing  Comm.  Director  Sue  Yanovitch 
Sr.  MarCom  Development  Specialist  Kari  Curto 
Marketing  Comm.  Coordinator  Sarah  Crowley 

ADMINISTRATION 

Executive  VP/Operations  Waiter  Manninen 

Executive  Assistant  to  the  President/CEO 

Diane  Martin 

Financial  Manager  Cynthia  Petri  I  lo 

Jr.  Financial  Analyst  Hilary  Smith 

Billing  Administrator  Joyce  Gillis 

Facilities  Specialist  John  Kelley 

Office  Services  Coordinator  Mary  E.  Wooldridge 

INFORMATION  SYSTEMS 

VP/CIO  Rick  Broughton 
infrastructure  Manager  James  C,  Burgoyne 
User  Services  Manager  Ron  Bettencourt 
Senior  User  Services  Specialist  Michael  Fahlsing 
System  Administrator  Robert  Reagan 
User  Support  Specialist  Jonathan  Frappier 

NEW  BUSINESS  DEVELOPMENT 

VP,  Business  Development  &  Strategic  Alliances 

Cheryl  M,  Hardy 

Coordinator,  Business  Development  Kelly  Gabe 

HUMAN  RESOURCES 

VP,  Human  Resources  Patricia  Reilly 
Human  Resources  Manager  Tanya  Bureau 
Human  Resources  Representative  Beth  Senges 


INTERNATIONAL  DATA  GROUP 

President  &  CEO  Kelly  Conlin 
Board  Chairman  Patrick  J.  McGovern 

WBPA 

V  INTERNATIONAL* 

©  CXO  Media  Inc. 


3  0  CIO  JUNE  1,  2002 


www.cio.com 


Quantum's  StorageCare™  Managed  Services  safeguard  valuable  corporate  data  by  using 
best-in-breed  technology,  industry  best  practices  and  proven  processes  to  remotely 
manage  all  backup  and  restore  functions  and  provide: 


•  Guaranteed  on-time  execution  and  monitoring  of  your  scheduled 
backups  on  a  7  x  24  x  365  basis 

•  Management  of  multi-vendor  environments  with  a  single  phone  call 

•  Restoration  of  lost  or  corrupt  data  quickly  and  accurately 

Quantum.  We  don't  sleep.  So  you  can! 

For  more  information  about  StorageCare  Managed  Services  and  to  RECEIVE  A 
FREE  DOWNLOADABLE  DATA  RECOVERY  PLANNING  EXCERPT  from  industry 
expert  John  Toigo's  renown  book.  Disaster  Recovery  Planning,  visit  us  on-line  or 
to  speak  to  a  StorageCare  Professional  today,  call  toll-free  800-677-6268,  select 
option  2. 


StorageCare ’ 

Managed  Services 


www.QuantumATL.com/ManagedServices 


Quantum 


AVAyA 


With  Avaya,  you’re  already  this  close  to  IP  Telephony. 

In  fact,  you  can  use  what’s  in  your  own  network.  Now  Avaya,  the  leader  in  voice  solutions, 
has  extended  IP  Telephony  to  an  open  architecture.  So  our  feature-rich  MultiVantage m 
Software  can  work  with  your  existing  investment,  allowing  you  to  have  Enterprise  Class  IP 
Solutions  anywhere  in  your  network.  That  means  you  get  gentle  migration  and  flexible 
deployment  from  the  core  to  the  edge,  or  the  other  way  around.  Learn  how  a  network 
assessment  can  help  you  discover  how  close  you  are  to  IP  Telephony.  Visit  avaya.com/yes 


COMMUNICATION  WITHOUT  BOUNDARIES 


Board  of  Advisers  2002 

CIO  wishes  to  acknowledge  the  2002  Editorial  Advisory  Board  members  for  their 
ongoing  guidance  and  reality  check  of  the  magazine’s  content  and  focus.  We  thank 
them  for  their  generosity  in  sharing  their  insight  into  the  world  of  IT  leadership. 


GREGOR  BAILAR 

CIO 

Capital  One 
Falls  Church,  Va. 

MARCIA  BALESTRINO 

CIO,  Information  and 
Technology 
Girl  Scouts  of  the  USA 
New  York  City 

DOUG  BARKER 

Independent  Consultant, 
Former  VP  and  CIO 
The  Nature  Conservancy 
Arlington,  Va. 

DENNIS  BENNER 

Former  CTO 
Autobytel 

Rancho  Palos  Verdes, 
Calif. 

WAYNE  D.  BENNETT 

Partner 

Bingham  Dana 
Boston 

BRIAN  BERTLIN 

Vice  President  and  CIO 
Washington  Group 
International 
Boise,  Idaho 

MICHAEL  EARL 

Dean 

Templeton  College, 
Oxford 

Professor  of  Information 
Management 
Fondon  Business  School 
Fondon 

JOHN  GLASER 

Vice  President  and  CIO 
Partners  HealthCare 
Boston 


JERRY  GREGOIRE 

Former  CIO  of  Pepsi 
and  Dell 
Austin,  Texas 

SCOTT  HEINTZEMAN 

CIO 

Carlson  Hotels 

Worldwide 

Minneapolis 

LEE  HOLCOMB 

CIO 

National  Aeronautics  and 
Space  Administration 
Washington,  D.C. 

C.  LEE  JONES 

Chairman  and  CEO 
AmericasDoctor 
Gurnee,  Ill. 

SUSAN  S.  KOZIK 

CIO  and  VP  for  Supply 
Chain  and  Corporate 
Centers 

Fucent  Technologies 
Murray  Hill,  N.J. 

CHUCK  LYBROOK 

Executive  Director 
The  Information 
Management  Forum 
Atlanta 

BUD  M ATHAISEL 

Corporate  Vice  President 
and  CIO 
Solectron 
Milpitas,  Calif. 

GERALD  MILLER 

Senior  Vice  President 
and  CIO 

Sears,  Roebuck  &  Co. 
Hoffman  Estates,  Ill. 


CAROLYN  T.  PURCELL 

CIO 

State  of  Texas 
Austin,  Texas 

REBECCA  RHOADS 

CIO 

Raytheon 
Lexington,  Mass. 

LARAINE  RODGERS 

President  and  Executive 
Director 

Arizona  Partnership  for 
Higher  Education  and 
Business 
Phoenix 

JIM  RYAN 

Executive  Vice  President 
of  Marketing  and  Sales 
Grainger.com 
Lincolnshire,  Ill. 

THOMAS  T. 
SCHWANINGER 

Senior  Vice  President 
and  CIO 

American  Red  Cross 
Falls  Church,  Va. 

JAMES  F.  SUTTER 

Senior  Partner 
The  Peer  Consulting 
Group 

Newport  Beach,  Calif. 

RICHARD  W. 

SWANBORG  JR. 

President 

ICEX 

Boston 

PATRICIA  WALLINGTON 

President 
CIO  Associates 
University  Park,  Fla. 


IP  Telephony. 
Where  to  start? 

With  Avaya  Enterprise  Class 
IP  Solutions  (ECLIPS) 
featuring  MultiVantage “ 
Software,  start  anywhere 


in  your  network. 


G700  Media  Gateway 


At  the  edge. 

•  Survivable  remote  location 

•  Standards-based  distributed 


architecture 
•  r.n<zt-pffprti\/p  nntinn 


With  a  specific  workgroup. 

•  First  to  seamlessly  extend 
applications  to  cellular 

•  Takes  applications  to  remote 
and  mobile  workers  for 
greater  productivity 


Learn  how  a  network  assessment  can 
help  you  discover  how  close  you  are 
to  IP  Telephony.  Visit  avaya.com/yes 


AVAyA 


COMMUNICATION  WITHOUT  BOUNDARIES 


Now  the  left  hand 
knows  what  the  right 
hands  are  doing. 


©  2002  Microsoft  Corporation.  All  rights  reserved.  Microsoft  is  a  registered  trademark  of  Microsoft  Corporation  in  the  United  States  and/or  other  countries. 


ipi. 


Introducing  Microsoft  Project  Server  2002,  the  newest  way  to  manage  your  enterprise  projects  at  every 

organizational  level  Today’s  complex  projects  have  grown  to  encompass  multiple  departments,  organizations,  and 
geographies,  which  means  visibility  and  collaboration  are  more  essential  than  ever.  Part  of  the  Microsoft®  .NET 
family  of  servers,  Microsoft  Project  Server  2002  works  with  Microsoft  Project  Professional  2002  to  help  you  manage 
resources  and  model  projects  across  your  portfolio.  Web-based  access  to  project  information  keeps  everyone  in  the 
loop,  at  any  time  and  from  anywhere.  And  the  open  architecture  in  Microsoft  Project  Server  2002  allows  you  to  deploy 
a  customized,  secure,  enterprise-scale  project-management  solution  that  integrates  with  your  current  business 
systems.  So  even  when  there  are  lots  of  hands  on  the  job,  they’re  still  of  one  mind. 

Find  out  how  Microsoft  Project  Server  2002  can  help  you  manage  projects  across 
your  organization.  Go  to  goprojectserver.com  Software  for  the  Agile  Business. 


the  NEWtheHOT  theUNEXPECT  E  D 


Edited  by  Lafe  Low  and  Sandy  Kendall 


Suckers.com 


By  Daintry  Duffy 

i 

FROM  THE  LOOKS  OF  ITS  WEBSITE, 

McWhortle  Enterprises  has  all  the  makings 
of  a  terrific  investment  opportunity.  There’s 
detailed  information  about  the  organiza¬ 
tion’s  hot  new  product — a  handheld  bio¬ 
hazard  detector — flattering  testimonials  by 
corporate  executives  and  analysts,  an  audio 
interview  with  CEO  Thomas  McWhortle 
and,  last  but  not  least,  a  tantalizing  chance 
to  purchase  company  stock  at  pre-IPO 
prices.  Would-be  investors  who  enter  their 
credit  card  information,  however,  are  in  for 
a  shock. 


A  giant  banner  blazes 
across  the  next  page:  “If  you 
responded  to  an  investment 
idea  like  this,  you  could  get 
scammed!” 

McWhorde  isn’t  a  real  com¬ 
pany  at  all.  It’s  the  creation  of 
the  investor  education  group  at 
the  Securities  and  Exchange  Com¬ 
mission  (SEC).  The  SEC  believes 
showing  consumers  how  easily  they 
can  be  suckered  is  far  more  effective  than 

Continued  on  Page  38 


DATA  MANAGEMENT 

A  New  Tape  Measure 

HEALTH-CONSCIOUS  SHOPPERS  might  soon  have  an 
easier  way  to  track  their  diet  than  reading  food  package 
labels.  The  bar  codes  currently  used  at  supermarket  check¬ 
outs  to  identify  a  product  and  its  price  could  also  provide  its 
nutritional  profile. 

Researchers  at  the  United  Kingdom’s  University  of  Leeds 
and  the  Public  Health  Nutrition  Unit  (PHNU)  at  Trinity  and 
All  Saints  College  found  that  a  shopper’s  supermarket 
receipt  could  provide  a  good  indication  of  fat  consumption 
levels.  In  our  society,  more  than  90  percent  of  our  food 
comes  from  supermarkets,  so  receipts  are  as  good  a  meas¬ 
ure  of  household  fat  intake  as  a  food  diary  (in  which  people 
often  underreport  what  they  actually  eat),  says  PHNU 
Director  Joan  Ransley.  She  led  the  two-year  study,  sup¬ 


ported  by  a  grant  from  the  Medical  Research  Council  with 
funds  from  the  U.K.  Department  of  Health. 

Ransley  admits  that  adding  up  fat  grams  only  after  an 
afternoon  of  aisle-cruising  isn’t  ideal.  “It  would  be  useful 
for  the  consumer  to  see  a  fat  tally  before  the  final  purchase, 
but  this  may  not  be  practical  given  supermarket  queues,” 
she  explains.  “But  consumers  could  use  the  tally  to  edu¬ 
cate  themselves  so  that  better  choices  could  be  made  dur¬ 
ing  subsequent  shopping  trips.” 

Privacy  concerns  could  pop  up  if  the  nutrition  reports 
became  commonplace.  “In  the  U.K.  we  have  the  Data  Pro¬ 
tection  Act,  which  does  not  allow  information  about  an  indi¬ 
vidual  to  be  passed  on  to  a  third  party  without  their  consent,” 
says  Ransley.  “But  provided  this  information  is  not  passed 
on,  it  is  OK  to  generate  the  data.” 

In  the  future,  researchers  say,  looking  at  aggregated 
receipts  could  allow  more  detailed  analysis  of  a  popula¬ 
tion’s  nutritional  intake  and  aid  in  the  research  into  the 
links  between  diet  and  disease.  -Stephanie  Overby 


3  6  CIO  JUNE  1,  2002 


www.cio.com 


identify  your  best 
worst)  suppliers? 

your  total  spend  across 
lines  and  geographies? 

And  make  sure  your  contracts 
get  you  the  best  price? 


mm. 


IB 


mmm 


m&k  : 


|  Customer  Intelligence  |  Intelligence  Architecture 


SAS  is  all  you  need  to  know. 


SAS  provides  a  complete  view  of  who’s 
buying  what  in  your  company. .  .and  from  which 
suppliers.  So  you  can  consolidate  spending,  cut 
your  costs  and  maximize  profits.  To  find  out  how 
leading  companies  are  reaping  the  rewards  of  SAS 
supplier  intelligence  software,  call  1  866  270  5724 
toll  free  or  visit  www.sas.com/supplier 


The  Power  to  Know- 


SAS  and  ail  other  SAS  Institute  Inc.  product  or  service  names  are  registered  trademarks  or  trademarks  of  SAS  Institute  Inc.  in  the  USA  and  other  countries.  ®  indicates  USA  registration. 
©  2002  SAS  Institute  Inc.  All  rights  reserved  4901  OUS.0302 


trendlines 


Long  Arm  of  the  Law 

By  Stephanie  Overby 


Suckers.com 

Continued  from  Page  36 
warning  them  with  a  brochure.  “I  want 
to  educate  people  to  what  fraud  looks 
like  on  the  Internet  so  next  time  they 
encounter  a  real  scam,  they  won’t  let 
their  excitement  over  a  good  deal  cloud 
their  better  judgment,”  says  Susan 
Wyderko,  director  of  the  SEC’s  office 
of  investor  education. 

Wyderko  has  no  figures  on  how  big 
the  Internet  fraud  problem  is,  but  unlike 
telephone  scams  and  other  schemes, 
shysters  on  the  Internet  can  make  their 
scams  look  irreproachably  legitimate. 

McWhortle.com  went  online  in  mid- 
January,  and  somewhere  out  on  the  Net 
are  three  other  fake  sites  like  it — though 
Wyderko  won’t  identify  them.  It 
appears  the  SEC’s  bait-and-switch  tac¬ 
tics  are  getting  the  message  out — the 
McWhortle  site  has  received  more  than 
1.7  million  hits  since  it  went  live. 

Seems  like  there  really  is  one  born 
every  minute. 


ON  ANY  GIVEN  DAY,  4.6  million 
convicted  offenders  are  out  on  probation, 
parole  or  some  other  form  of  community 
supervision.  Nearly  20  percent  of  them  will 
be  re-incarcerated  because  of  a  rule  viola¬ 
tion  or  new  offense,  according  to  the  U.S. 
Department  of  Justice. 

In  an  effort  to  reduce  that  recidivism  and 
protect  the  community,  certain  districts  are 
using  a  GPS-based  monitoring  system 
developed  by  Pro  Tech  Monitoring,  which 
includes  a  4  pound  GPS  receiver  (known  in 
the  business  as  “the  box")  and  an  anklet 
containing  a  radio  frequency  transmitter 
that  tethers  the  offender  to  the  box.  Central 
monitoring  via  the  AT&T  Wireless  network 
provides  24-hour  satellite  tracking  of  those 
wearing  the  high-tech  jewelry. 


Unlike  other  electronic  monitoring 
systems,  which— without  a  GPS  compo¬ 
nent-can  only  confirm  whether  a  person 
is  in  a  certain  place  at  a  certain  time,  the 
box  can  locate  someone  at  any  time  and  in 
any  place.  Law  enforcement  and  correc¬ 
tions  agencies  pay  Pro  Tech  $10  to  $12  a 
day,  and  every  10  minutes  the  GPS  device 
transmits  the  wearer’s  geographic  location 
by  means  of  a  wireless  call  to  the  central 
computer,  which  stores  that  information.  If 
an  offender  is  in  violation  of  any  predeter¬ 
mined  rules— say,  failing  to  return  home  by 
an  established  time,  going  near  someone 
he’s  not  supposed  to  ortampering  with  the 
anklet— the  system  sends  an  immediate 
alert  (either  via  pager,  e-mail  orfax)tothe 
supervising  agency  as  well  as  the  offender 
and  the  original  victim,  if  applicable.  The 
box  can  also  potentially  provide  alibi 
information  for  anklet  wearers  suspected 
of  other  crimes. 

“We  now  know  where  our  highest  risk 
offenders  are  24  hours  a  day,”  says  Richard 
Nimer,  director  of  the  Florida  Department 
of  Corrections'  office  of  programs,  transi¬ 
tion  and  post-release  services  in 
Tallahassee,  who  currently  has  550  offend¬ 
ers  on  the  box.  “With  the  old  radio  fre¬ 
quency  monitoring  system,  we  could  only 
track  someone’s  presence  or  absence  from 
their  home  telephone.  So  if  someone  was 
supposed  to  leave  his  home  at  8  a.m.  to  go 
to  work,  he  could  actually  go  out  and 
murder  someone  or  commit  a  heinous  sex 
crime,  come  home  at  6  p.m.,  and  we’d  have 
thought,  Gosh  darn,  this  guy’s  doing  what 
he's  supposed  to  do.” 

Some  120  criminal  justice  agencies  in 
27  states  now  use  this  system  to  track 
about  1,200  offenders  nationwide. 
Eventually,  more  states  may  let  certain 
prisoners  out  early  because  it's  cheaper  to 
track  them  by  GPS  than  to  house  and  feed 
them.  Chances  are,  offenders  would  prefer 
the  little  anklet  to  the  big  house  too. 


38  CIO  JUNE  1,  2002  •  www.cio.com 


PHOTO  BY  GETTY  IMAGES 


Enterprise  storage.  Surprisingly  affordable. 


EMC2 

where  information  lives 

If  you  want  enterprise  storage,  it  pays  to  check  out  what  EMC  CLARiiON®  delivers:  fifth-generation 
full  Fibre  Channel  architecture,  the  highest  availability  and  scalability  in  its  class,  and  over  20  TB 
of  capacity  in  a  single  cabinet  —  all  at  an  attractive  price.  Plus,  CLARiiON’s  connectivity  gives  you 
the  flexibility  to  accommodate  SAN  or  NAS.  So  take  a  closer  look  at  CLARiiON.  We  think  you’ll 
be  pleasantly  surprised  by  the  results. 

Eft* 

C  Clark 

on 

Check  out  the  demo  at  EMC.com/cioclar 

EMC'.  EMC,  and  CLARiiON  are  registered  trademarks  and  where  information  lives  is  a  trademark  of  EMC  Corporation.  ©2002  EMC  Corporation.  All  rights  reserved. 


trendlines 


On  the  Move 


Compiled  by  Tom  Field 


Crites  Goes  from  Consultant  to  Full-Time  CIO 


JOHN  CRITES  looks  at  it  this  way — he 
had  a  year  to  test  drive  his  new  company 
before  he  finally  decided  to  become  its 
CIO.  During  that  time,  the  company  was 
able  to  size  him  up  as  well.  Now  he  knows 
it’s  a  good  fit. 

In  2000,  RTI  initially  contracted  Crites, 
an  independent  consultant  with  20  years 
IT  management  experience  at  Rockwell 
International,  to  oversee  an  ERP  project. 
After  RTFs  CIO  left  last  summer,  Crites 
found  himself  compelled  to  trade  in  his 
independence  for  a  full-time  gig  as  vice 
president  and  CIO  at  RTI,  a  Research 
Triangle  Park,  N.C. -based  nonprofit  re¬ 
search  organization. 

The  challenge  of  using  IT  to  help  RTFs 
global  expansion  is  what  lured  Crites  to  a 
full-time  position.  “RTI  is  really  trying  to 
transition  from  a  midsize  research  com¬ 
pany  to  one  with  the  potential  to  be  a 
world-class  research  firm,”  Crites  says. 

Crites  has  several  immediate  priorities, 
including  using  strategic  technology  plan¬ 
ning  to  increase  value  for  RTI  customers, 
overseeing  the  cultural  change  resulting  from 
the  ERP  implementation  and  getting  better 
acquainted  with  the  research  industry. 

Crites’s  biggest  challenge  is  transforming 


himself  from  a  consultant  familiar  with  one 
aspect  of  the  business  to  a  corporate  offi¬ 
cer  conversant  in  all  aspects  of  the  business. 
“As  an  outsider,  I  didn’t  get  access  to  all  of 
the  proprietary  data  and  strategy,”  he  says. 

He  anticipated  some  identity  crisis  issues 
with  RTI  staffers  used  to  him  as  a  consult¬ 
ant,  but  Crites  says  his  transition  to  CIO 
has  been  smooth  so  far,  without  any  obvi¬ 
ous  ill  perceptions.  “[The  transition]  wasn’t 
the  shock  I  thought  it  would  be,”  he  says. 


The  biggest  difference  is  that  the  risks 
are  greater  and  the  stakes  are  higher.  “If  the 
company  already  had  its  act  together  and 
everything  were  running  smoothly,  I’d  be 
bored  stiff,”  Crites  says.  -Tom  Field 

Mister  Coffee 

COFFEE  IN  THE  MORNING  is  a  ritual 
for  Brian  Crynes.  In  his  new  role  as  senior 
vice  president  and  CIO  at  Seattle-based 
Starbucks  Coffee,  he’ll  have  plenty  of 
opportunities  to  get  his  fix. 

For  Starbucks,  an  aggressive  company 
with  plans  to  expand  its  brand  internation¬ 
ally,  and  Crynes,  a  55-year-old  Pennsylvania 
native  with  international  IT  experience,  it 
was  a  match  made  in  heaven.  The  company 
landed  a  CIO  with  firsthand  knowledge  of 
global  technology,  and  Crynes  can  continue 
working  internationally  from  the  comfort 
of  his  home  country. 

“It’s  good  to  be  home  again,”  he  says 
from  his  new  office  overlooking  the  Port 
of  Seattle.  “I’ve  been  out  of  the  country  for 
more  than  six  years,  and  I’m  sure  I  can 
bring  that  experience  into  this  organiza¬ 
tion  as  we  look  at  ways  to  support  our 
high-growth  business.” 

Crynes  is  no  stranger  to  caffeine  or  to 
high-growth  IT  integration.  Prior  to  Star- 
bucks,  he  was  CIO  for  Coca-Cola  Amatil 
in  Sydney,  Australia,  and  he  developed  an 
IT  road  map  that  included  a  customer- 
centered  e-business  solution  for  new  mar¬ 
kets  across  Asia-Pacific.  He  also  established 
a  strategy  for  business  units  to  localize 
common  solutions  for  individual  markets. 

His  plans  for  Starbucks  are  a  bit  more 
grandiose.  Crynes  inherited  a  domestic  IT 
squad  of  about  400.  Corporate  officials 
have  implored  him  to  hire  aggressively 
overseas.  As  Starbucks  cultivates  a  presence 
in  Asia,  Europe  and  South  America, 
Continued  on  Page  44 


Ron  Anderson  is  the  new  CTO  and  vice  president  of  development  at  Island 
Pacific,  a  division  of  Carlsbad,  Calif.-based  retail  software  developer  SVI 
Solutions.  Before  joining  Island  Pacific,  Anderson  founded  Active  Technologies 
and  served  as  its  CTO. 

Patrick  Sullivan,  the  former  CIO  of  Sigma  Networks,  has  taken  over  the  CTO  role 
at  Xpherix,  a  solutions  provider  based  in  Sunnyvale,  Calif,  in  his  new  position, 
Sullivan  will  be  in  charge  of  leading  global  operational  capabilities  such  as  engi¬ 
neering  development,  quality  assurance,  internal  applications  and  infrastructure. 


40  CIO  JUNE  1,  2002 


www.cio.com 


Is  A  Talented  Quarter  Turn. 

<M. 


MERCURY  INTERACTIVE 

Enterprise  testing,  Inning  and  performance  management 


Small  investment 

IN  YOUR  APPLICATIONS. 

Big  impact 

ON  YOUR  BOTTOM  LINE. 

Sometimes  your  IT  infrastructure  performs  in 
perfect  harmony.  Other  times,  it’s  a  step  out  of 
tune.  Mercury  Interactive  can  make  it  all  work 
in  concert.  Our  complete  testing,  production 
tuning  and  performance  management  solutions 
make  it  easy  to  evaluate  and  fine-tune  your 
entire  system.  Giving  you  the  maximum  return 
on  your  existing  investments.  We’ve  spent 
years  optimizing  business-critical  applications 
for  global  organizations.  And  we  can  help 
ensure  that  your  end  users  get  the  experience 
they  expect.  Plus,  you’ll  get  proof  that  your 
applications  are  running  at  their  peak  24x7. 
Tune  your  business  and  its  infrastructure  to 
perfection  with  Mercury  Interactive. 

DOWNLOAD  OUR  FREE  PAPER, 

"A  PROVEN  APPROACH  TO  OPTIMIZING 
PRODUCTION  SYSTEMS" 

www.mercuryinteractive.com/tune 


Sometimes 

The  Difference 

Between  Enjoyment  And  Annoyance 


O  2002  Mercury  Interactive  Corporation.  Mercury  Interactive  and  the  Mercury  Interactive  logos  are  registered  trademarks  ol  Mercury  Interactive  Corporation. 


WWW.MERCURYINTERACTIVE.COM/TUNE 


Introducing  Fujitsu  Consulting— a  partner  who  shares  your  vision 

In  times  like  these,  you  can’t  afford  to  work  with  a  consultant  who’s  single-minded. 
You  need  a  company  that  understands  the  true  meaning  of  collaboration.  At  Fujitsu 
Consulting,  we  share  your  vision  right  from  the  start,  and  we  never  lose  sight  of  your 
business  goals  throughout  the  process.  This  has  always  been  our  approach,  one  that 
further  benefits  from  the  expertise  and  resources  of  the  entire  Fujitsu  group,  which 
has  long  provided  world-class  IT  products  and  platforms  all  over  the  globe. 

Unique  ROI-focused  methodology 

As  a  forward-thinking  global  consulting  organization,  we  utilize  a  unique,  proven 
methodology  that  delivers  a  rapid  and  measurable  return  on  your  IT  investment. 
It  starts  by  focusing  on  the  results  the  client  expects  to  achieve.  It  then  provides 
a  road  map  through  the  design,  implementation  and  operation  of  the  solution  to 
achieve  the  desired  results. 

Industry  and  business-process  knowledge 

Fujitsu  Consulting  creates  tailored  solutions  for  a  variety  of  industries-in  particular, 
communications,  financial  services,  and  government.  Whether  it’s  core  back  office, 
front  office  or  extended  functions,  we  enable  companies  to  better  serve  their  customers 
and  collaborate  with  their  extended  supply  chain  of  employees,  vendors  and  partners. 

Fujitsu  Consulting— the  new  alternative 

In  creating  powerful  IT  solutions,  we  live  and  breathe  three  simple  ideas:  deep 
collaboration  with  our  clients,  an  eye-to-eye  approach,  and  a  passion  for  getting  the 
job  done.  It  is  the  unique  combination  of  global  scope  and  human  scale  that  sets  us 
distinctly  apart  from  our  competitors.  And,  perhaps,  earns  us  a  spot  on  your  short  list 
of  consulting  partners. 


FujlTSU 

THE  POSSIBILITIES  ARE  INFINITE 

us.fujitsu.com 


©2002  Fujitsu.  All  rights  reserved. 


ossib 


•  r*  •  , 

infinite 


lines 


Mister  Coffee 

Continued  from  Page  40 
Crynes  intends  to  nurture  a  local  IT  pres¬ 
ence.  He’ll  launch  smaller,  strategically 
located  regional  IT  shops  to  help  staffers 
simultaneously  cover  multiple  locations. 

To  ensure  operations  at  those  outposts 
are  linked  to  business  needs,  Crynes  will 
compile  and  distribute  a  toolkit  that 
includes  best  practices  and  standard  busi¬ 
ness  solution  models.  “When  we  go  into  a 
marketplace  like,  say,  Germany,  we’ll 
have  to  work  with  the  legacy  environment 
that  comes  with  that  venture,”  he  says. 
“Still,  we’ll  need  to  give  them  informa¬ 
tion  about  developing  middleware,  mon¬ 


itoring  performance  and  ultimately  mov¬ 
ing  forward  to  enhance  their  markets.” 

Crynes  also  plans  to  organize  his 
new  hires  into  what  he  calls  “dialogue 
teams,”  and  initiate  dialogues  in  four 
strategic  areas:  governance  process, 
enterprise  architecture,  resource  skills 
and  scorecard  compliance. 

By  addressing  those  issues  as  groups, 
Crynes  insists  that  Starbucks  will  be  able 
to  approach  IT  as  a  unified  team  that 
serves  all  business  units  as  a  whole,  both 
overseas  and  at  home.  That  is  critical  to 
the  success  of  any  organization,  he  says. 

If  anybody  knows  about  enterprise 
management,  it’s  Crynes.  During  a  30- 
year  IT  career,  he  has  worked  as  CIO  at 
Apple  Computer,  Bristol-Meyers  Squibb 


and  the  New  York  Daily  News. 

How  does  he  feel  these  experiences 
have  prepared  him  for  life  at  Starbucks? 
For  starters,  they’ve  given  him  a  sense 
of  perspective  on  how  IT  can  improve 
the  quality  of  life  for  the  business,  he 
says.  Perhaps  more  important,  he  feels 
they’ve  taught  him  that  even  the  best 
plans  won’t  work  without  the  right  folks 
to  carry  them  out. 

“In  an  aggressive  growth  situation, 
the  people  in  your  IT  department  can 
make  or  break  everything,”  says  Crynes. 
“I’ve  been  fortunate  enough  to  inherit 
a  top-notch  group  of  people  here,  a 
group  with  a  real  can-do  attitude.  Your 
people  make  all  the  difference  in  the 
world.”  -Matt  Villano 


THE  WORKPLACE 

Deadlines?  Arrrghhh!! 


FEELING  STRESSED  OUT  by  project  deadlines?  You’re 
not  alone.  Two  recent  surveys  of  business  executives  and 
senior  managers  have  outlined  and  evaluated  the  top  20 
causes  of  work-related  stress.  Two  groups  of  300  CIOs,  CEOs 
and  other  executives  surveyed  by  the  Net  Future  Institute  in 
January  said  deadlines  are  the  number-one  cause  of  personal 
and  interpersonal  office  anxiety.  Other  big  stress  inducers 
include  budget  constraints,  coworker  conflicts  and  job 
security  (or  lack  thereof). 

"Deadlines  are  ubiquitous,”  explains  Chuck  Martin, 
chairman  and  CEO  of  the  Institute,  a  North  Hampton, 

N.H. -based  think  tank  that 
identifies  and  analyzes 
business  management  and 
IT  trends.  “Nearly  every 
executive  at  every  level  of 
every  organization  deals  with 
them.” 

According  to  Martin,  some 
survey  participants  said  a 
certain  level  of  stress  in  the 
office  can  be  a  positive 
motivating  factor,  as  it  keeps 
people  alert.  On  the  other 
hand,  too  much  stress  can  be 
debilitating. 

Respondents  also  listed 
e-mail  overload,  performance 


Top  Five 
Causes  of 
Workplace 
Stress 

Q  Deadlines 
(?)  Budget  constraints 
Financial  stress  and 
earnings  pressure 
Q  Constant  change 
0  E-mail  overload 


expectations,  poor  organizational  communication,  political 
stress  and  the  impact  of  layoffs  as  some  of  the  other  factors  that 
raise  their  stress  level.  Bad  lighting  and  other  environmental 
issues,  as  well  as  pressure  from  direct  reports,  caused  the  least 
amount  of  workplace  anxiety. 

For  more  information  on  the  survey’s  results,  see 
www.netfutureinstitute.com.  -  -Simone  Kaplan 


? 


44  CIO  JUNE  1,  2002  •  www.cio.com 


ILLUSTRATION  BY  PAUL  HOWALT 


Your  Virtual  Private  Network  goes  live. 
All  is  secure  on  the  network. 


©2002  Cisco  Systems,  Inc,  All  rights  reserved,  Cisco,  Cisco  Systems,  the  Cisco  Systems  logo,  Empowering  the  Internet  Generation  and  Cisco  PowerelNetwork  are 
registered  trademarks  or  trademarks  of  Cisco  Systems.  Inc. 


SOLUTIONS  FOR  YOUR  NETWORK 


IP  COMMUNICATIONS 


VPN/SECURITY 


cisco.com/go/vpnsecurity 


CONTENT  NETWORKING 

+ 

OPTICAL  NETWORKING 

+ 

STORAGE  NETWORKING 

+ 

WIRELESS  AND  MOBILE  OFFICE 

+ 

It's  time  to  establish  secure  links  to  any  user,  anywhere.  With  Cisco  VPN 
solutions,  you  can  add  network  flexibility  while  reducing  costs  —  enabling  you 
to  safely  utilize  the  Internet  for  your  business-critical  applications.  With  Cisco 
AVVID  enterprise  architecture,  you  can  do  all  this  without  any  disruption. This 


Cisco  Systems 


standardized  enterprise  architecture  allows  you  to  seamlessly  integrate  voice,  video,  wireless,  and  data  applications  on 


Empowering  the 
Internet  Generation 


a  single,  scalable  network. This  includes  new  and  existing  technologies  alike.  Whether  you're  building  your  enterprise 
network  or  extending  it  with  Cisco  Powered  Network  services,  take  advantage  of  the  tools  below  to  get  it  done  right. 


^  VPN  Savings  Calculator 

Case  Studies 

Learn  About  Security 

Newsletter  Sign-up 

Join  Discussion 

Cisco  Powered  Network 

I  .  T  . 


STRATEGY 


trendlines 


x 


Wiring  the  World 


IF  YOU  THINK  setting  up  IT  strategy  in 
your  organization  is  difficult,  imagine 
doing  it  for  a  developing  nation,  where 
even  basic  electrical  infrastructure  may  be 
scarce. 

Twelve  technologically  and  economi¬ 
cally  disadvantaged  countries  are  work¬ 
ing  to  construct  their  own  development 
strategies.  They  have  solicited  the  assis¬ 
tance  of  the  Global  Digital  Opportunity 
Initiative  (GDOI),  a  partnership  estab¬ 
lished  in  February  between  the  United 
Nations  Development  Program  and  the 
Markle  Foundation,  a  New  York  City- 
based  nonprofit  organization  that  focuses 
on  IT  policy  issues.  The  initiative’s  mission 
is  to  help  developing  countries  identify 
ways  to  use  information  and  communi¬ 
cations  technologies  to  reduce  poverty, 
improve  health  care  and  education,  and 
establish  democratic  processes. 

Frederick  Tipson,  a  director  at  the 
Markle  Foundation,  says  that  GDOI  work¬ 


ers  feel  it  is  urgent  to  reduce  the 
disparity  in  wealth  and  technol¬ 
ogy  between  developed  and 
underdeveloped  nations.  “The 
problem  with  the  digital  divide 
is  that  it’s  getting  worse  even  as 
we’re  all  working  at  it,”  he  says. 

Technology  companies  such 
as  AOL  Time  Warner,  Cisco 
Systems,  Hewlett-Packard  and 
Sun  Microsystems  are  provid¬ 
ing  personnel  and  equipment 
for  the  project.  Consultants 
from  those  companies  and  the 
GDOI  help  government  admin¬ 
istrators  include  information 
and  communications  technolo¬ 
gies  in  their  development  strate¬ 
gies.  For  example,  if  a  country 
wants  to  set  up  distance-learning  facilities 
to  bring  health-care  education  to  remote 
villages,  it  must  first  determine  the  infra¬ 
structure  and  applications  needed  to  sup¬ 


port  e-learning,  the  cost  of  that  infrastruc¬ 
ture  and  a  way  to  fund  it  over  time.  That 
sounds  like  a  job  for  Superman,  or  at  least 
a  super  CIO. 


Don’t  Forget  the  People  By  Lafe  L 


MERGERS  AND  MAJOR  integration 
projects  all  involve  change,  and  few 
things  are  scarier  than  change.  To 
smooth  the  way  and  simplify  the  merger 
process,  effective  change  management 
leadership  needs  to  focus  on  basic 
human  principles.  The  cooperation  and 
participation  of  those  most  deeply 
affected  by  change  can  make  or  break  the 
effort. 

Accenture  has  devised  a  leadership  model  for  change 
management  through  mergers  called  its  Journey  Framework. 
The  framework  divides  the  management  issues  and  essential 
tasks  relating  to  mergers  and  major  integration  initiatives  into 
four  quadrants  or  categories.  The  categories  are  divided  along 
two  thematic  axes.  The  supply  and  demand  axis  encompasses 


programs  that  generate  change  from  the  outside  and  programs 
that  create  a  desire  or  need  for  change  in  the  workforce.  The 
macro  and  micro  axis  covers  the  large  scale— from  enter¬ 
prisewide  programs  down  to  those  that  affect  each  individual. 

Toward  the  macro  and  supply  side  of  the  quadrant,  planning 
and  navigating  change  are  the  main  priorities.  Change  should  be 
managed  so  that  it  is  a  gradual  process  of  sequential  steps,  rather 
than  one  sweeping  event.  Also,  in  the  macro  view  but  on  the 
demand  side  of  the  chain,  IT  leadership  must  provide  and  support 
strong  sponsorship  for  specific  projects  and  overall  initiatives. 

At  the  micro  view  on  the  supply  side,  key  tasks  center  around 
supporting  staff  with  the  right  content,  training  and  perform¬ 
ance.  If  the  manner  in  which  they  do  their  job  is  changing,  they 
must  have  senior  management  support.  On  the  demand  side, 
helping  staff  own  the  changes  through  constant  communication 
gives  them  greater  confidence  in  corporate  goals. 


46  CIO  JUNE  1,  2002  •  www.cio.com 


ILLUSTRATION  BY  OTTO  STEININGER 


Day  Software  can  take  you  there 


Day  is  a  proud  sponsor  of  the 
2002  CIO  100  Symposium  & 
Awards  Ceremony  honoring  the  top  100 

CIO's  in  the  world.  Register  to  win  a  trip  to  this 
4th  annual  event  at  the  Broadmoor  in  Boulder, 


gtiiiiSii 


■  .  I  ■  ■ 


wim 


Colorado  from  August  18  to  20th.  We  can  take 
you  there.  Visit  us  on  the  web  at: 

httpV/day.com/en/company/events/ciosymposium.html 


Best  of  Breed 
Next  Generation 

Enterprise  Content  Management 


and  Unify  Solutions 


By  Lorraine  Cosgrove  Ware 


trendlines 


Increase  Profit  and  Output:  Trade  Online 


DURING  THE  NEXT  10  YEARS, 

e-business  will  boost  the  U.S.  economy’s 
output  and  increase  the  production  of 
goods  and  services  by  15  percent,  accord¬ 
ing  to  Cambridge,  Mass.-based  Forrester 
Research.  Companies  will  move  27  per¬ 
cent  of  total  U.S.  trade — or  $6.9  trillion 
of  goods  and  services  transactions — 
online,  and  they  will  benefit  from  reduced 
transaction  costs  and  more  efficient  mar¬ 
kets  because  of  more  timely  pricing, 
inventory  and  demand  information. 
Currently,  only  5  percent  of  total  U.S. 
trade — or  $910.6  billion — is  transacted 
online,  according  to  Forrester  Research. 


Companies  that  work  now  to  link  dis¬ 
parate  internal  processes,  expand  their 
trading  partner  connections,  and  build 
or  rely  on  standards-based  applications 
stand  to  increase  profitability,  improve 
customer  responsiveness  and  break  ahead 

of  competitors. _ flFFINITION 


E-BUSINESS  PRODUCTIVITY 

Incremental  efficiency  gains  derived 
using  online  technology  to  coordinate 
business  activities  that  will  have  the 
greatest  positive  impact  on  financial 
services,  telecommunications  and 
utilities  sectors. 


Utilities  Lead  Web  Trade 


Best  Practices 

Examine  your  existing  processes.  Make 
improvements  and  adjustments  before  you 
move  them  online.  If  your  procurement 
process  requires  many  levels  of  approval, 
moving  that  online  won't  change  much, 
explains  Steven  Kafka,  former  research 
director  of  business  trade  at  Forrester 
Research.  Instead,  change  your  business 
rules  or  process  to  manage  by  exception, 
like  lowering  authorization  requirements 
for  purchases  under  a  certain  amount. 

Require  visible  executive  involvement. 

Build  a  team  of  both  IT  and  business  unit 
leaders  to  head  e-business  projects.  Meet 
regularly  to  evaluate  progress  and  assess 
the  effectiveness  of  changes  made.  Don’t 
assume  you  got  it  right  from  the  start. 


The  volume  of  U.S.  online  B2B  trade  by  industry  in  2001 

$234.7  B 

$202. 8B 

yHHHH  hhhhhhbHH 

;  ;u;  ■  ^ 

. 

$38.7  B  $33.3  B 


4 


,4 


G 


O 


0 


$11.4  B 


Web  Gains 

Productivity  gains  expected  as  a  result  of  moving  trading  processes  online 


MU  2004 


12012 


23.8% 


22.6% 


22.3% 


20.9% 


18.1% 


17.9% 


gTcF 


'U 


4 


4 


& 


■£> 


c° 


SOURCE:  "E-BUSINESS  PROPELS  PRODUCTIVITY."  FORRESTER  RESEARCH,  NOVEMBER  2001. 
ALL  PROJECTIONS  BASED  ON  THE  MOST  RECENT  AVAILABLE  U.S.  CENSUS  (1997). 


Pilot  a  Web  services  project  this  year.  Start 
building  your  e-business  foundation  now 
by  focusing  on  one  internal  business 
process  (such  as  distribution  warehousing 
or  demand  forecasting)  and  one  trusted 
business  partner.  Document  and  learn 
from  the  technical  and  business  processes. 


CIO  RESEARCH 


What  is  the  primary  purpose  of 
your  organization’s  Internet  site? 


ENABLE  VISITORS 
TO  LEARN  ABOUT 
THE  COMPANY 


0nly;16%  of 
companies  use 
their  website 

to  BUY,  SELL 
OR  TRANSACT. 


OTHER 


PROVIDE  INFORMATION 
ON  SPECIFIC  QUESTIONS 
(concerning  products, 
services  or  an  account) 


SOURCE:  CIO  "WEB  EXPECTATIONS”  SURVEY,  MARCH 
2002.  BASED  ON  RESPONSES  FROM  140  BUSINESS  AND 
I.T.  EXECUTIVES  REPRESENTING  A  RANGE  OF  INDUSTRIES. 


48  CIO  JUNE  1,  2002  •  www.cio.com 


m 


budgets  have  always  been  the  toughest  part  of 
your  job.  But  you  now  find  those  skills 
being  tested  like  never  before  when 
challenged  to  reduce  infrastructure 
costs  without  risking  your  long-term 
business  objectives. 

HP  Services  can  help:  thousands 
of  infrastructure  specialists  who  have 
provided  IT  operations  for  hundreds  of 
companies  around  the  world.  People 
who  work  with  you  to  address  virtually 
every  aspect  of  your  infrastructure.  From 
streamlining  operations  to  reducing 
overhead  to  simplifying  processes. 
All  while  ensuring  that  the  solution  is 
flexible  enough  to  evolve  with  your 
changing  needs. 

That's  because  our  outsourcing 
solutions  always  start  with  you— your 
issues,  your  people,  your  challenges. 
So  we  can  take  on  entire  operations 
or  parts  of  operations  depending  on 
the  specific  business  goals  you  hope 
to  achieve. 

HP  infrastructure  solutions  are 
engineered  for  the  real  world  of 
business.  Because  the  last  time  we 
checked,  that's  where  we  all  work. 
Call  1.800.HPASKME,  ext.  246.  Or  visit 
www.hp.com/go/infrastructure. 

Infrastructure:  it  starts  with  you. 


invent 


ipisjsi#' 


Jr  Cl||l 

rim 


SM 


ISilHi 


mmmmm 


»nmmm 


isaster  occurs  w 

:'A@'  »i 

j||''  .  fc 

IraF’t  '  HU 

Iff  I 

1||||  ■ 

Hi 

5-  Hi 

i  -f  ‘ 

Y  K?  'T '  v  f-> j  '  >'j  3 

14?  Sv  ^ 

>!'-f 

1 

1 

you're  not  prepared  for  one.  Its  a  lesson  you  don't  want  to  learn  the  hard  way.  Then  again,  it's  not 

every  day  that  a  serious  hurricane  makes  landfall  at  your  data  center. 
But  after  being  forced  to  brave  the  fury  delivered  by  "the  storm  of 
the  century"  in  order  to  prevent  total  loss  of  mission  critical  data  — 
the  folks  at  the  IT  service  center  of  Mitsubishi  Chemical  America,  Inc. 
knew  they  needed  a  backup  plan. 

They  turned  to  HP.  Rather  than  recommend  a  totally  redundant 
backup  data  center  in  another  location,  HP  worked  with  MCA  on  a 
more  creative  solution  involving  HP  servers,  storage,  software  and 
support  services. 

Together,  they  developed  a  plan  that  not  only  involved  on-site 
recovery  services  but  actually  utilized  HP's  own  disaster  recovery 
center.  HP  even  helped  MCA  through  several  disaster  recovery 
rehearsals— just  to  make  sure  there  would  be  no  surprises  next  time 
the  unthinkable  happened. 

HP  infrastructure  solutions  are  engineered  for  the  real  world 
of  business.  Because  the  last  time  we  checked,  that's  where  we  all  work. 
Call  1.800.  HPASKME,  ext.  246.  Or  visit  www.hp.com/go/infrastructure. 

Infrastructure:  it  starts  with  you. 


invent 


Total  Leadership 


Time  to  Go 

Deciding  to  leave  a  company  can  be  one  of  the  toughest 
choices  a  leader  has  to  make.  Here’s  how  to  do  it  right. 

BY  PATRICIA  WALLINGTON 

“PARTING  IS  SUCH  SWEET  SORROW.”  Shakespeare  had  it  right— 
and  not  just  when  it  comes  to  love.  That  phrase  can  resonate 
equally  well  when  we  find  it  is  time  to  move  on  to  a  new  job 
or  company.  Even  the  best  of  leaders  in  the  best  of  companies 
may  find  it  necessary  to  make  a  move  at  some  point  in  their 
career.  Have  you  ever  stayed  in  a  position  when  it  was  no  longer 
beneficial  to  you,  frozen  by  pangs  of  separation?  When  is  it  time 
to  go?  The  go  or  stay  decision  could  be  one  of  the  most  criti¬ 
cal  career  decisions  you  make.  Here  are  some  considerations. 

The  Party’s  Over 

Most  of  us  join  a  company  expecting  to  be  there  until  we  retire, 
but  it  doesn’t  always  work  out  that  way.  Events  or  circum¬ 
stances  often  lead  us  to  that  crucial  decision  to  depart. 

Been  there,  done  that.  The  challenge  is  gone.  The  work  seems 
repetitive  and  the  opportunity  for  new  challenges  appears  dim. 
You’re  concerned  that  your  skills  will  atrophy  in  this  static 
environment.  It  is  time  to  go. 

Company-itis.  Your  company  is  sick.  Revenue  is  down,  prof¬ 
its  are  a  thing  of  the  past,  and  expenses  have  been  cut  to  the 


bone.  Understanding  whether  the  company  is  in  a  death  spiral 
or  just  suffering  a  temporary  down  cycle  can  be  the  key  to  a 
quality  decision  on  your  part.  Hard  times  can  be  full  of  oppor¬ 
tunities  for  dedicated  employees  willing  to  stick  it  out,  so  be  sure 
to  consider  that  before  making  the  decision  to  leave. 

A  new  order.  Reorganizations  can  derail  careers.  Roles  change, 
power  shifts,  new  players  emerge.  All  the  effort  in  building  a  rela¬ 
tionship  and  credibility  with  your  boss  feels  wasted  when  a  new 
leader  arrives.  If  you  think  the  investment  necessary  to  reestab¬ 
lish  relationships  will  be  too  great,  then  it  may  be  time  to  leave. 
But  be  sure  to  recognize  that  any  new  opportunity  in  another 
company  will  require  an  even  greater  investment — without  the 
support  of  your  established  network. 

A  tarnished  image.  Does  your  star  shine  less  brightly?  Your 
status  may  have  changed  in  the  company.  Unfortunately,  per¬ 
formance  appraisals  are  not  always  good  clues  to  how  you  are 


5  2  CIO  JUNE  1,  2002  •  www.cio.com 


ILLUSTRATION  BY  JAMES  O'BRIEN 


agaamaMgs^amaasg 


LESS  HEAD 


-4f 


yy 


storage  software  company. 


v\ 

mt 

-mm 


- 


spsssrSJ-^s^as^sssssssjBS1- 


veritas.com 


VERITAS 


©joo a  VERITAS  Software  Corporation.  All  rights  reserv  ed.  VERITAS  and  the  VERITAS  logo  are  trademarks  or  registered  trademarks  of 
V  ERITAS  Software  Corporation.  All  other  trademarks  are  the  property  of  their  respective  ow  ners. 


Total  Leadership 


perceived.  Assess  the  environmental  clues.  Are  you  listened  to? 
Is  your  advice  sought  after?  Do  you  get  invited  to  the  key  meet¬ 
ings?  Do  your  compensation  and  perks  match  your  contribu¬ 
tions?  Keeping  a  heads-up  approach  to  understanding  your 
value  will  enable  you  to  see  its  diminution  early.  If  the  situa¬ 
tion  can’t  be  corrected,  it  may  be  time  to  leave. 

There  are  also  other  signals  that  can  provide  encouragement 
for  making  that  move.  Maybe  you  hit  the  glass  ceiling.  Al¬ 
ternatively,  if  you’ve  had  a  significant  failure  in  a  risk-averse 
company,  you  may  not  be  able  to  recover.  Even  a  major  suc¬ 


cess  can  be  a  trigger  (“How  can  she  ever  top  that?”).  Whatever 
the  reasons,  making  the  decision  to  move  requires  careful 
thought  and  lots  of  courage. 

I’m  Out  of  Here 

When  the  big  decision  is  made,  you  need  to  prepare.  Do  not 
go  directly  to  the  nearest  exit.  This  is  not  a  fire  drill.  Take  the 
time  to  make  the  transition  smoothly. 

Have  a  destination.  Always  plan  to  go  to  something  better 
than  your  current  situation.  Do  not  run  just  because  you’re  in 
an  unpleasant  situation,  no  matter  how  tempting  it  may  be. 
Know  why  you  are  leaving  and  that  your  new  situation  will 
not  have  the  same  (or  worse)  issues.  Know  the  details  of  the 
new  job,  company  and  culture  before  accepting  the  position. 

Let  your  head  rule.  Breaking  up  is  hard  to  do.  Acknowledge 
the  difficulty  of  leaving  colleagues  and  friends,  but  let  your  intel¬ 
lect  drive  the  decision.  During  one  of  my  moves,  a  colleague 
tried  to  dissuade  me  by  pointing  to  the  loss  of  the  network  I  had 
built  in  the  company  (my  groupies,  as  he  referred  to  them). 
This  was  a  powerful  emotional  tie,  but  I  made  the  move  as 
planned.  For  me,  it  was  the  right  decision,  though  I  still  have 
fond  memories  of  my  groupies. 

Face  forward.  Once  the  decision  is  made,  move  forward  with 
confidence.  The  best  part  of  our  career  is  always  ahead  of  us. 
Constantly  rethinking  and  waffling  on  the  decision  are  debili¬ 
tating.  The  decision  will  be  right  for  you  because  you  will  make 
it  right. 

Keep  it  quiet.  Discretion  is  the  best  approach  during  this 
period.  Keep  your  deliberations  to  yourself,  and  use  as  small  a 
circle  of  advisers  as  possible  until  the  official  communication. 
Maintain  your  commitment  to  your  current  responsibilities. 


The  facts  will  surface  at  the  right  time.  No  comments  from 
you  will  stop  the  rumors  anyway. 

Demonstrate  amazing  grace.  Leave  with  grace  and  dignity. 
Now  is  not  the  time  to  blast  the  company  on  all  its  shortcom¬ 
ings.  Be  grateful  for  the  advantages  you  had  and  the  experience 
you  gained.  Don’t  burn  bridges;  in  doing  so,  you  may  eliminate 
future  opportunities.  I  actually  worked  for  the  same  company 
twice  in  my  career,  and  it  even  tried  to  bring  me  back  a  third 
time.  I  decided  not  to  try  for  a  record. 

Clean  up.  Leave  the  organization  in  good  shape.  Finish  any 
commitments  that  fall  within  the  time 
frame  of  your  departure.  Complete  per¬ 
formance  appraisals  for  your  people.  In  a 
transition  plan  for  your  successor,  iden¬ 
tify  any  burning  issues. 

R.I.P.  Expect  your  legacy  to  be  deval¬ 
ued  once  you  leave.  Everything  that  goes 
wrong  is  blamed  on  the  departed  leader. 
Fortunately,  this  is  a  short-term  phenom¬ 
enon.  Time  has  a  way  of  validating  great  leaders. 

Let  go.  When  you  leave,  let  go  of  everything  but  the  rela¬ 
tionships.  Your  contacts  can  add  to  the  strength  of  your  net¬ 
work  and  provide  support  in  your  new  role. 

Please  Don’t  Give  In  To... 

There  are  many  paths  to  an  effective  move,  but  there  are  some 
things  that  should  definitely  be  avoided. 

Ego  trips.  When  looking  at  new  opportunities,  you  can  eas¬ 
ily  get  caught  up  in  the  thrill  of  the  search.  While  an  enthusi¬ 
astic  reception  is  satisfying  for  the  ego,  make  sure  the  other 
elements  of  the  offer  fit  your  objectives  too,  or  the  enthusiasm 
will  be  fleeting  for  everyone. 

Irrational  exuberance.  Your  decision  to  leave  (or  stay)  should 
be  founded  on  solid  reasoning.  Don’t  be  impetuous. 

Analysis  paralysis.  Once  decided,  just  do  it! 

Power  of  the  known.  The  known  may  feel  safer  than  the 
unknown,  but  often  it  is  not.  Do  your  research  to  dispel  some  of 
the  mystery  of  the  new  situation.  Part  of  the  excitement  of  a 
new  situation  is  what  is  yet  to  be  experienced. 

Buyer’s  remorse.  At  some  point  within  the  first  three  months 
in  a  new  job,  you  will  have  a  panic  attack.  You  have  discov¬ 
ered  some  of  the  issues  of  the  new.  Recognize  this  for  what  it 
is,  and  embrace  the  challenges  for  success. 

Whatever  you  decide,  good  luck.  HPi 


How  have  you  known  it  was  time  to  go?  Let  us  know  at 
ieadership@cio.com.  Before  retiring  in  1999,  Patricia 
Wallington  was  corporate  vice  president  and  CIO  at 
Xerox.  She  is  now  president  of  CIO  Associates  in 
Sarasota,  Fla. 


Expect  your  legacy  to  be  devalued  once  you  leave 
Everything  that  goes  wrong  is  blamed  on  the 
departed  leader. 


5  4  CIO  JUNE  1,  2002 


www.cio.com 


PHOTO  BY  FURNALD/GRAY 


"...that  our  MetLife  customers  can  more  easily  manage 
their  financial  future. 

"The  MetLife  mission  is  to  build  financial  freedom 

for  our  customers.  KPMG  Consulting  worked  with 
us  to  design  and  build  an  on-line  system  faster  than 
we  had  thought  possible.  The  new  system  gives 

"We're  delighted  that  we  surprised  MetLife  with  how 
quickly  we  were  able  to  help  them  design  and  build  their 
new  on-line  system. 

"But  we're  even  happier  that  the  system  helped  them 
become  an  even  more  successful  company. 

"After  all,  that's  the  reason  we're  in  business." 

our  customers  a  single  site  for  enrollment,  product 
information,  and  performance. 

"Our  customers  and  our  own  employees  are 
very  happy  with  their  ‘new  freedom.'  Customer 
satisfaction  scores  are  up,  and  so  are  employee 
productivity  and  our  operating  earnings.” 

YOU  CAN  HEAR  THEIR  STORY  @ 

www.kpmgconsulting.com/results 

BUSINESS  SYSTEMS:  STRATEGY  IMPLEMENTATION  RESULTS 

/CP/WG  Consulting 

1 

Mark  Hammersmith  Paul  McDonnell 

CIO  Institutional  Business,  MetLife  Managing  Director,  Financial  Services,  KPMG  Consulting 


"We  told  KPMG  Consulting: 
we  need  a  web-based 
enrollment  system  so  simple..." 


02002  KPMG  Consulting.  Inc.  All  rights  reserved  KPMG  Consulting.  Inc.  is  an  independent  consulting  company. 


w$  \  m 

- 

■ 


VI 


: 

: 

;  ■ 


SpM 


. 

$f<  : 

!0wWmM 


g  ^  «  ssgs  5; -S^s. 


Dependable  technology  builds  confidence. 


When  you  set  out  to  conquer  e-business  challenges,  success  or  failure  often 
hinges  on  your  technology  partner.  Consider  the  partner  that  4  out  of  5  Fortune  500 
companies  already  trust:  Sterling  Commerce.  With  a  25-year  track  record  of  helping 
businesses  successfully  improve  performance  and  operating  metrics,  no  partner  is 
more  dependable  or  more  knowledgeable. 

Integrating  existing  processes?  Developing  new  ones?  Building  entire  electronic 
trading  communities?  Look  to  us  for  dependable  software  and  services. 

It's  all  a  matter  of  confidence. 


J  sterling  commerce 


B2B  done  dependably 


www.sterlingcommerce.com 

Sterling  Commerce  is  an  SBC  Communications  Inc.  company 
©2002  Sterling  Commerce,  Inc.  ALL  RIGHTS  RESERVED. 


CXO  Perspectives 

Views  from  the  Executive  Suite 


Lessons  in 
Shareholder 

Value 

To  deliver  real  value  to  the  business, 
CIOs  must  make  all  investment  decisions  with 
the  company’s  long-term  goals  in  mind 

BY  RAGHAVAN  RAJAJI 

CIOS  AND  CFOS  may  not  always  see  eye-to-eye,  but  one  topic  is  dear  to  the 
hearts  of  both,  and  that’s  value.  CIOs  aim  to  create  value  through 
the  efforts  of  their  IT  organization  and  the  systems  and  technol¬ 
ogy  the  organization  implements;  CFOs  seek  to  guarantee  that 
value  is  delivered  enterprisewide.  Unfortunately,  value  is  one  of 
those  terms  that  everyone  loves  to  throw  into  a  conversation  as 
evidence  of  the  importance  of  their  efforts,  often  without  a  clear, 
consistent  meaning.  The  picture  gets  even  murkier  when  you  take 
into  account  all  the  metrics  and  methods  out  there  that  claim  to 
capture  this  mysterious  thing  we  call  value:  ROI,  net  present 
value,  the  Balanced  Scorecard  and  the  like,  as  well  as  external 
indicators  such  as  the  stock  price.  It  can  be  a  confusing  mess. 

How  should  value  be  defined?  It  all  comes  down  to  whether 
you’ve  increased  the  wealth  of  the  organization’s  shareholders. 
If  you  have,  you’ve  succeeded  in  creating  value;  if  you  haven’t 
increased  that  wealth,  you  haven’t  created  value.  Shareholder 
value  is  what  it’s  all  about. 

What  It  Is— and  Isn’t 

In  simplistic  terms,  every  for-profit  organization’s  goal  is  to  cre¬ 


ate  consistent,  profitable  growth  for  the  company  and  a  return  to 
the  investor  that  is  consistently  above  what  he  could  earn  some¬ 
where  else  at  a  similar  risk.  When  you  improve  that  return  on 
investment,  you’re  creating  shareholder  value.  It  is  critical  to 
remember  that  all  investments  an  organization  makes  should 
create  shareholder  value;  if  they  don’t,  then  the  money  is  better 
spent  elsewhere. 

Management’s  job  is  to  find  the  right  businesses,  strategies 
and  investments  that  consistently  grow  the  company’s  prof¬ 
itably  over  time.  Conceptually  this  is  not  difficult  to  grasp,  but 
there  are  several  factors  that  make  achieving  that  goal  decid¬ 
edly  unclear. 

First,  there  is  no  single  metric  you  can  use  on  an  operational 
level  to  measure  shareholder  value.  It  is  a  high-level,  multifac¬ 
eted  and  long-term  concept,  and  there  is  no  single  number  you 
can  use  to  guide  decision  making.  The  best  way  to  measure 


5  8  CIO  JUNE  1,  2002 


www.cio.com 


ILLUSTRATION  BY  ALEX  NABAUM 


Only  a  Xerox  Document  Centre*  shifts  your  office 
into  overdrive.  It  prints,  copies,  faxes,  scans  and  e-mails 
like  no  other.  Saving  you  time  and  money. 
There’s  a  new  way  to  look  at  it. 


Performance  proves  it.  Top  companies  know  it. 

That’s  why  86%  of  Fortune  500®  companies  rely 
on  Document  Centre  Multifunction  systems  to  save 
them  time  and  money*  Our  unique  design  provides 


maximum  network  performance.  The  result  is  cost- 
crunching  productivity  that  puts  your  business  way 
ahead  of  the  pack.  To  find  out  how  we  can  save 
your  business  time  and  money,  get  in  touch  today. 


Visit:  wvifw.xerox.com/vroom  Call:  1-800-ASK-XEROX  ext.VROOM 


The  document  company 

XEROX. 


*C oriam  I’Vv'i  irrYAnT  Centre  foati  irac  ara  r\r*tinr»al  fPlOnfiO  YPROY  CORPORATION  All  nnhtc  rpcoruoH  YPROY*  Thra  Hon  imant  C nmnan\/*  Hnn  imont  C rantro*  anH  Thoro'c  a  no\A/  \A/au  tn  lrv>k  at  it  are  tradomartc  nf  YPROY  CORPORATION 


CXO  Perspectives 


shareholder  value  is  to  break  it  down  into  a  series  of  smaller- 
scale  metrics  that,  put  together  in  the  right  proportions,  demon¬ 
strate  shareholder  value.  Those  smaller  metrics  are  the  ones 
you  see  being  used  in  varying  combinations  in  an  organiza¬ 
tion’s  day-to-day  operations — things  such  as  net  income,  earn¬ 
ings  per  share  and  so  on. 

A  company  can  track  its  day-to-day  process  and  operational 
metrics  to  demonstrate  that  it  is  achieving  its  short-term  goals, 


Short-term  indicators  such  as  revenue,  stock 
price  and  growth  don’t  necessarily  say  anything 
about  shareholder  value,  especially  when  you 
look  at  them  in  isolation. 


which,  by  design  and  in  aggregate,  help  support  its  long-term 
plans  for  delivering  shareholder  value.  A  critical  point  to 
remember,  though,  is  that  those  metrics  are  directly  linked  only 
to  the  short-term  objectives;  doing  well  on  them  individually 
says  nothing  per  se  about  whether  the  company  is  creating 
shareholder  value. 

That  is  often  where  trouble  arises,  such  as  what  we  saw  dur¬ 
ing  the  dotcom  frenzy,  when  everyone  assumed  that  high  stock 
prices  meant  a  company  was  delivering  real  value.  Enron  also 
looked  great  based  on  stock  price  and  appeared  to  be  grow¬ 
ing,  but  in  reality  those  were  empty  measures  that  didn’t  reflect 
shareholder  value. 

The  bottom  line:  Shareholder  value  is  a  long-term  notion 
that’s  very  complex  to  compute.  Short-term  indicators  such 
as  revenue,  stock  price  and  growth  don’t  necessarily  say  any¬ 
thing  about  shareholder  value,  especially  when  you  look  at 
them  in  isolation. 

Why  IT  Matters 


four  short-term  goals:  reducing  cost,  boosting  productivity, 
improving  efficiency  and  increasing  customer  satisfaction.  Very 
likely,  you  will  find  yourself  with  several  potential  projects  that 
all  promise  benefits  in  one  or  more  of  those  areas.  To  decide 
among  them,  prioritize  based  on  your  understanding  of  how 
well  each  supports  the  long-term  goals  of  the  organization  and 
how  well  each  will  ultimately  affect  shareholder  value. 

I  once  witnessed  a  situation  in  which  that  was  not  done  well. 

The  company’s  ET  department  was  eval¬ 
uating  an  ERP  investment  for  one  of  its 
divisions.  The  project  made  great  sense 
for  the  division,  but  what  the  decision 
makers  didn’t  know  was  that  the  com¬ 
pany  was  planning  to  shut  down  that 
division.  So  they  approved  the  project, 
spent  the  money,  and  the  division  was 
shut  down  a  year  later. 

As  is  true  in  so  many  situations,  that 
never  would  have  happened  if  there  had 
been  perfect  sharing  of  information 
among  divisions  and  department  executives.  But  it’s  a  great 
example  of  why  CIOs  need  to  stay  informed  about  their  com¬ 
pany’s  long-term  plans. 

Having  a  real  understanding  of  expected  returns  is  also  criti¬ 
cal.  Some  companies  publish  guidelines,  such  as  rules  for  the 
minimum  expected  risk-adjusted  returns,  that  can  help  CIOs 
understand  how  the  company  wants  to  balance  risk  and  payoff 
in  the  long  run  in  order  to  deliver  shareholder  value.  When  I 
worked  at  Occidental  Petroleum,  we  had  a  matrix  of  minimum 
rates  of  returns  broken  down  by  project  type  and — because  we 
were  multinational — by  country.  It’s  also  important  to  consider 
how  much  it  costs  to  create  any  increment  of  growth.  Beyond 
a  certain  amount,  the  growth  may  not  be  worth  what  it  costs 
to  create  it — it  may  not,  in  fact,  create  shareholder  value. 

The  bottom  line  here  is  alignment.  Any  given  project  may 
create  incremental  return,  but  it  may  not  be  enough  to  sup¬ 
port  the  company’s  long-term  goals  for  creating  shareholder 
value.  That’s  where  the  CIO’s  understanding  is  critical. 


IT  projects,  like  those  from  anywhere  else  in  the  organization, 
need  to  support  the  company’s  long-term  goals.  Sometimes 
you  can  use  short-term  objectives  to  evaluate  whether  to 
approve  a  project,  but  they  must  always  be  in  line  with  your 
long-term  goals.  As  you’re  weighing  a  number  of  potential 
investment  alternatives,  the  trick  is  to  remember  that  achieving 
short-term  goals  is  not  the  whole  story — support  of  long-term 
goals  is  much  more  important.  The  CIO  must  understand  the 
company’s  strategy  and  long-term  goals,  and  be  able  to  priori¬ 
tize  projects  accordingly. 

In  general,  IT  projects  should  support  some  combination  of 


How  to  Embrace  It 

To  make  shareholder  value  your  guiding  light  in  all  investment 
decisions,  make  sure  you  do  the  following. 

Remember  that  operational  metrics  support  only  short-term 
goals  directly.  Favorable  measurements  don’t  necessarily  mean 
you’re  creating  shareholder  value. 

Understand  the  organization’s  long-term  objectives.  In  some 
organizations,  CIOs  are  not  necessarily  informed  about  long¬ 
term  goals.  If  that’s  the  case  at  your  company,  it’s  up  to  you 
to  get  proactive.  The  information  won’t  come  to  you — you 
need  to  go  out  and  get  it.  Build  relationships  with  influential 


6  0  CIO  JUNE  1,  2002 


www.cio.com 


Application 

Infrastructure 


Human  Capital 
Management 


Supply  Chain 
Management 


Customer  Relationship 
Management 


Financial  Management 


leSott.  Inc.  PeopleSoft  is  a  registered  trademark  of  PeopleSoft,  Inc. 


Intranet  know-how 
from  those  who 
know  how*  i 

Get  a  first  hand  look  as  Microsoft  reveals  a  new  answer  to  Intranet 
challenges— SharePoint  Portal  Server  and  the  Microsoft  Solution  for 
Intranets— an  internal  portal  solution.  See,  first  hand,  how  these 
solutions  can  empower  your  knowledge  workplace  within  your  Intranet! 


Sponsored  by: 


Microsoft 


Discussion  Topics 

•  Deliver  collaborative  team  services 


•  Deploy  portals  rapidly  throughout  your  organization 

•  Capture  information  in  new  ways  that  makes 
sense  for  your  business 

•  Improve  information  management  and  discovery 

•  Broadcast  delivery  of  business  communications 
to  every  desktop 


11891 


iMBHiilUiBilBIIM 


webcast 


of  ITworld.com  and  CXO  Media 


ROI:  Return 
on  Intranets 

Getting  immediate  business 
value  from  your  current 
intranet  investments 


Ali  Byrd 

SharePoint  Portal  Server 
Product  Manager 

Microsoft 


Gary  Beach 
Group  Publisher 
CXO  Media,  Inc. 


Tune  in  today  and  take  advantage  of  this  incredible  opportunity  to  learn 
about  Intranet  portal  solutions  and  how  they  can  help  your  business. 


www.itworld.com/ms_spsl 


Sponsored  by 


Produced  by 


Microsoft 


CXO  Perspectives 


senior  executives;  develop  the  connections  throughout  the 
organization  you  need  to  stay  informed. 

Align  the  goals  of  the  IT  department  with  those  of  the  organ¬ 
ization.  If  you’re  rowing  in  different  directions,  you  won’t  get 
anywhere.  Enough  said. 


Any  given  project  may  create  incremental  return, 
but  it  may  not  create  shareholder  value.  The  bottom 
line  is  alignment. 


Really  understand  the  concept  of  ROI,  including  adjust¬ 
ments  for  acceptable  risk,  and  know  your  organization’s  mini¬ 
mum  expectations. 

Evaluate  every  IT  investment  with  a  long-term  perspective. 
Ask  how  the  project  will  support  long-term  objectives,  and 
assess  the  incremental  return.  If  it  falls  below  your  company’s 
cutoff,  don’t  even  put  it  on  the  list. 

Those  are  the  dos.  In  this  way,  a  CIO  who  really  under¬ 
stands  shareholder  value  can  go  beyond  evaluating  proposed 


projects  to  being  the  one  who  proactively  identifies  high- 
priority  needs  that  haven’t  already  been  brought  to  the  table. 
That’s  how  a  CIO  becomes  CEO. 

The  main  caution  I’ll  end  with  is  to  make  sure  you  don’t 
get  seduced  by  IT  for  its  own  sake.  During  the  past  18  months 

or  so,  an  incredible  number  of  compa¬ 
nies  have  written  off  huge  expendi¬ 
tures — in  the  $100  million  range — in 
software  and  consulting  for  large,  inte¬ 
grated  systems.  These  systems  were 
viewed  by  many  as  the  solution  to  every 
company’s  problems  and  adopted  with¬ 
out  a  real  understanding  of  the  costs, 
risks  and  returns.  In  the  end,  they  didn’t  just  fail  to  create  share¬ 
holder  value — they  destroyed  it.  By  asking  the  right  questions, 
CIOs  can  prevent  that  from  happening  again.  BE] 


What  topic  would  you  like  to  see  discussed  from  the 
CFO’s  perspective?  Tell  us  at  cxoperspectives@cio.com. 
Raghavan  Rajaji  is  executive  VP  and  CFO  for  Rockville, 
Md. -based  Manugistics,  a  supply  chain  management 
software  company. 


It's  true.  We're  devoted  to  three  things:  you,  you,  and  you.  From  our  dedicated  600-member 
Customer  Relations  Organization  to  our  flexible  licensing  agreements,  we're  doing 
business  on  your  terms.  Not  ours.  It's  another  way  that  the  company  you've  always 
counted  on  for  innovative  software  is  providing  innovative  business  solutions.  To  find  out 
more,  or  to  hear  what  some  of  our  customers  have  to  say,  go  to  ca.com/innovation. 


Computer  Associates 


j  herein  belong  to  their  re 


2002  Computer  Associates  International,  Inc.  (CA).  All  trademarks,  trade  names,  service  marks  and  logos 


CIO  Observer 

Viewing  the  World  Without  Spin 


Life  Among  the 
Seriously  Bored 

Why  do  CIOs  go  numb  or  go  crazy? 
Because  one-size-fits-all  IT  has  taken  all  the  fun 

(and  challenge)  out  of  the  job. 

BY  JERRY  GREGOIRE 

l’M  a  MEMBER  IN  GOOD  STANDING  of  the  Rolodex  Club.  Here’s  how 
you  can  tell  if  you  are  a  member.  The  phone  rings,  and  there’s 
a  recruiter  on  the  line.  You  know  how  the  call  goes. 

Some  “forward-thinking”  company  headquartered  in  the 
coldest,  grayest  city  in  the  continental  United  States  is  hell-bent 
on  dominating  the  world  market  in  edible  oils  and  is  convinced 
(at  long  last)  that  technology  is  the  answer.  Top  management 
wants  a  world-class,  high-profile  CIO,  and  though  the  posi¬ 
tion  won’t  report  to  the  CEO,  there’ll  be  plenty  of  direct  con¬ 
tact.  The  compensation  package  is  “competitive”  but  varies 
depending  on  the  candidate,  and  there  is  the  possibility  of  an 
IPO  some  time  in  the  future,  should  the  owner  and  all  his  heirs 
suddenly  die  at  the  same  time.  They  are  wondering  if  you  have 
any  suggestions  for  candidates  for  a  position  like  this. 

You  know  this  is  championship  twaddle,  of  course.  No  one 
is  interested  in  your  suggestions;  they  already  know  far  more 
CIOs  than  you  do.  They  want  to  know  if  you  are  interested,  if 
you  are  feeling  insecure  or  restless  or  bored  enough  to  apply 
your  estimable  talents  to  the  sweet  science  of  deep-fat  frying. 

Are  you  bored?  Be  honest.  Most  of  the  CIOs  I’ve  talked  to 


6  4 


in  the  past  year  (some  of  the  best  in  the  profession)  tell  me 
they’re  terribly  bored  right  now.  I’ve  listened  to  a  few  theories 
on  why  that  is;  most  have  to  do  with  reduced  budgets  or  Y2K 
being  finished  or  the  e-commerce  slowdown.  But  I  think  the 
problem  actually  runs  deeper  than  that.  First  of  all,  after  the  first 
three  to  five  years,  any  CIO  worth  his  salt  will  have  blown 
through  most  of  the  meaningful  systems  issues  and  problems, 
and  will  be  thrashing  around  looking  for  bigger  challenges.  And 
if  there  aren’t  any  where  he  is,  surely  big  challenges  can  be 
found  elsewhere. 

To  digress  a  moment,  this  is  where  the  old  adage  “never  be 
the  replacement  for  a  successful  CIO”  really  comes  from.  Sure, 
it’s  hard  to  follow  a  great  act,  but  who  wants  to  inherit  a  depart¬ 
ment  or  systems  environment  with  no  big  problems? 

I  used  to  think  there  was  something  wrong  with  CIOs  who 
changed  jobs  every  few  years.  I  imagined  they  must  be  incom- 


CIO  JUNE  1,  2002 


www. cio.com 


ILLUSTRATION  BY  STEVEN  DANA 


> 


greater  than  /  abbrev:  > 

You  know  just  as  good  isn't  good  enough.  Today's  leading  companies  have  to  be  greater  than  the 
competition  by  a  wide  margin.  At  Sprint,  we've  got  the  network,  the  people  and  the  services  that  can 
help  you  build  unequalled  and  sustainable  competitive  advantage. 

An  intelligent  network 

Advantage  one:  our  network.  It  was  built  from  the  ground  up  as  a  unified  whole.  (No  technological 
patchwork  here.)  That  means  we  deliver  unsurpassed  reliability  and  interoperability,  so  you  can  leverage 
existing  investments  in  systems  and  applications  and  migrate  to  our  latest  and  greatest  technology  —  like 
3G  mobile  solutions  for  greater  productivity  —  when  you're  ready.  In  fact,  we're  the  only  provider  that 
owns  and  operates  both  its  own  nationwide  wireless  and  wireline  access  to  your  critical  data  apps. 

A  network  of  intelligence 

Advantage  two:  our  people  and  services.  We  have  over  2,200  technical  and  support  professionals, 
including  1,500  trained  engineers.  Plus,  we're  an  industry  leader  in  on-staff  Cisco  Certified  Technicians 
and  Certified  Security  Specialists.  So  what  are  all  these  people  doing?  Answering  your  questions.  Building 
your  customized  applications.  And  working  to  help  ensure  your  systems  are  safe  and  secure. 

Greater  competitive  advantage  —  another  sign  of  an  intelligent  network  and  the  people  who  make  it 
work  (for  you). 


For  more  ideas  on  building  competitive  advantage,  access  our  library  of 
white  papers  at  sprint. com/whitepapers/10  or  call  1-877-519-1708. 


Sprint 


Copyright  ©  Sprint  2002.  All  rights  reserved 


CIO  Observer 


petent,  impossible  to  get  along  with  or  worse.  To  be  sure,  this 
is  absolutely  true  in  a  small  percentage  of  cases,  but  it’s  not 
true  most  of  the  time. 

CIOs,  like  many  other  creative  types,  come  in  two  very 
different  yet  equally  valuable  flavors.  The  methodical  plod¬ 
der/caretaker  type  is  happy  to  operate  over  the  long  haul,  build¬ 
ing  slowly,  improving  incrementally  and  maintaining  a  stable 
base  for  the  company  to  operate  on.  The  more  common  type 
might  best  be  described  as  the  change  agent/risk  taker — that 
fearless,  high-energy  character  with  a  mild  case  of  attention 
deficit  disorder  who  is  brought  in  to  incite  action  or  rescue  a 
department  or  project.  This  second  type  will  show  up  in  a  new 


job,  fix  the  problems  (or  hit  the  brick  wall  that  was  specially 
erected  to  make  sure  that  nobody  could  fix  the  problems)  and 
immediately  get  restless  when  the  job  shifts  to  maintenance.  The 
same  attributes  that  make  this  type  of  CIO  effective  fixing  big 
problems  also  tend  to  make  them  short-timers  and,  inciden¬ 
tally,  an  inevitable  source  of  irritation  to  the  company  they 
work  for. 

If  you’ve  been  in  the  same  CIO  job  for  10  or  so  years  and 
you’re  not  bored,  you’re  either  an  extraordinary  person  or  lucky 
enough  to  be  in  extraordinary  circumstances.  Either  way, 
you’ve  successfully  conquered  one  of  the  most  daunting  chal¬ 
lenges  of  any  successful  career.  If,  on  the  other  hand,  you  find 
that  you’re  bored,  not  only  are  you  in  good  company,  but  it 
probably  says  some  very  positive  things  about  you  personally. 

The  Laws  of  Entropy 

The  second  cause  of  epidemic  boredom  is  clearly  more  destruc¬ 
tive  and  intractable.  There  was  a  time  when  a  new  technology 
or  tool  could  break  down  into  thousands  of  new  processes, 
products,  services  and  applications.  The  advent  of  PCs  and 
DOS  and  networks  forced  us  to  rethink  applications,  architec¬ 
tures  and  development  methodologies.  The  Internet  challenged 
us  to  break  through  the  walls  of  our  companies  and  reach 
directly  into  the  frontal  lobes  of  our  customers.  While  chaos  has 
no  place  in  the  application  of  IT,  it’s  a  necessary  component  in 
creating  new  solutions.  That  seems  to  be  missing  these  days. 

If  you  take  a  look  around,  what  you  see  now  is  a  whole 
lotta  nothin’.  Most  of  the  time,  money  and  marketing  are  spent 
simply  to  dress  up  assorted  swine  with  bangles  like  wireless, 
broadband  and  (too  little,  too  late)  security.  Much  of  the  dull 


sameness  has  been  brought  on  by  our  fealty  to  Microsoft  (need 
I  say  more),  our  dependence  on  canned  goods  like  ERP  and 
CRM  (which  have  made  the  notion  of  substantive  differentia¬ 
tion  among  competitors  a  thing  of  the  past),  and  finally 
(weirdly),  recruiters  and  recruiting  practices  in  general. 

The  social  critic,  poet  and  novelist  Paul  Goodman  once 
wrote,  “Few  great  men  could  pass  Personnel.”  I  have  to  wonder 
whether  the  sameness  we  see  among  IT  organizations,  the  solu¬ 
tions  they  develop  and  the  way  they  develop  them  isn’t  in  some 
way  tied  to  the  sameness  we  see  among  the  members  of  the 
Rolodex  Club.  Clubs,  after  all,  imply  commonality.  The  two 
most  important  qualifications  for  membership  are  a  good 

resume  and  the  promise  that  you  won’t 
embarrass  the  recruiter  who  sent  you.  A 
very  successful  recruiter  friend  of  mine 
told  me  recently  that  he  operates  on  a 
three-strikes  rule.  No  matter  how  quali¬ 
fied  the  candidate,  if  she  doesn’t  get  a 
job  after  he’s  sent  her  on  three  interviews, 
she’s  dropped  from  his  list  forever. 

Wear  a  decent  suit,  speak  in  complete  sentences,  and  don’t 
scare  the  client  by  expressing  your  desire  to  build  rather  than 
buy  or  to  experiment  with  original  ideas. 

Like  it  or  not,  the  ability  to  serve  up  candidates  who  make 
a  good  first  impression  is  how  recruiters  are  measured  and  ulti¬ 
mately  rewarded.  This  natural  tendency  to  pay  more  atten¬ 
tion  to  marketing  than  substance,  in  case  you  were  wonder¬ 
ing,  helps  explain  why  so  many  incompetent,  insane  CIOs  keep 
landing  good  jobs  after  being  fired  from  the  previous  five. 

So  what’s  the  answer  to  this  boredom  problem?  I’m  not 
sure.  What  I  do  know  is  that  while  the  causes  may  be  global, 
the  solutions  will  have  to  be  local.  The  cure  for  boredom 
may  not  be  doing  the  obvious  thing  (changing  jobs,  for  exam¬ 
ple);  instead,  why  not  use  the  fact  that  you  may  not  want  (or 
be  able)  to  keep  your  current  job  much  longer  as  license  to 
take  some  risks?  Conceive  an  unimaginably  risky  project  with 
astronomical  returns,  and  build  it  from  scratch.  When  they  tell 
you  you  can’t  have  the  money,  build  it  anyway.  Shut  down 
an  ERP  implementation  and  build  a  unique  solution  that  will 
set  your  company  apart.  Charter  a  skunk  works  with  no  par¬ 
ticular  goal  in  mind.  Set  aside  an  hour  each  day  to  do  the 
things  that  attracted  you  to  IT  in  the  first  place,  like  writing 
or  designing  applications. 

Could  this  stuff  get  you  fired?  Maybe. 

But  don’t  sweat  it.  You’re  in  the  Rolodex 
Club.  HB 


Editor  at  Large  Jerry  Gregoire  is  a  former  CIO  of  Dell 
Computer  and  Pepsi  Cola.  He  is  haunted  by  reader 
feedback  at  jgregoire@cio.com. 


While  chaos  has  no  place  in  the  application  of 
IT,  it’s  a  necessary  component  in  creating  new 
solutions.  That  seems  to  be  missing  these  days. 


66  CIO  JUNE  1,  2002  •  www.cio.com 


PHOTO  BY  STEVE  RAWLS 


< 


less  than  /  abbrev:  < 

As  markets  sag  and  budgets  shrink,  we  know  you're  trying  to  do  more  and  more  with  less  and  less.  So 
here  are  just  a  few  ways  Sprint  can  help  you  create  more  value  for  a  lot  less  (less  hassle,  less  time,  less 
waste,  less  money  —  you  get  the  picture). 

One  source  from  voice  to  data  to  wireless 

Sprint  gives  your  business  the  advantage  of  one  single  point  of  contact  domestically  and  globally  for 
voice,  data,  Internet  and  managed  services.  Our  integrated  approach  means  everything  works  together  to 
help  you  lower  your  administrative  and  management  costs. 

Second  to  none  in  network  reliability 

Our  self-healing  SONET  ring  architecture  provides  99.999%  reliability.  (It  doesn't  get  much  better  than 
that.)  In  fact,  Sprint's  long  distance  network  had  the  fewest  FCC-reportable  outages  of  the  top  three  major 
competitors  for  the  sixth  straight  year.  So  you  get  the  virtually  error-free  data  and  voice  transmissions  that 
help  ensure  your  customers'  loyalty  and  your  company's  bottom  line. 

Customized  integration 

Sprint  lets  you  leverage  the  investment  you've  already  made  in  most  existing  systems  and  applications. 
But  when  you're  ready  to  move  to  new  technology,  we've  made  it  faster  and  more  affordable  by 
investing  in  interoperable  product  platforms.  (Our  network  boasts  seamless  interoperability  between 
IP,  Frame  Relay  and  ATM  platforms.)  And  using  existing  network  solutions  and  equipment  while  you 
adopt  new  technologies  can  drive  lower  capital  expenditures. 

More  value  at  a  price  that's  less  than  you  might  think  —  another  sign  of  an  intelligent  network  and  the 
people  who  make  it  work  (for  you). 


Find  out  how  to  create  more  value  with  invaluable  (but  free)  white  papers 
from  Sprint.  Visit  sprint. com/whitepapers/10  or  call  1-877-519-1708. 


Sprint 


Copyright  ©  Sprint  2002.  All  rights  reserved. 


Chevron 


■£.fm 


t  I  Chevron 

Self  1  M 

1  k0 

1 

Cover  Story  |  Supply  Chain  Management 

When  ChevronTexaco  stopped  worrying  about 
how  much  oil  it  could  pump  and  started 
worrying  about  how  much  its  customers 
wanted,  it  began  driving  cost  out  of  its 
supply  chain,  increasing  efficiency 
and  transforming  its  business 

BY  BEN  WORTHEN 


AT  4  IN  THE  AFTERNOON 

on  Feb.  25,  2002,  Margo  Hassel- 
man,  a  25-year-old  University 
of  California  law  student,  pumps 
13.87  gallons  of  regular  un¬ 
leaded  into  her  white  1998 
Toyota  Camry  at  the  Chev¬ 
ron  station  on  145  Love 
Lane  in  Danville,  Calif.  The 
Love  Lane  Chevron  is  the 
very  model  of  a  modern 
filling  station,  with  all  the 
amenities  the  residents  of 
this  wealthy  San  Francisco 
suburb  expect:  eight  pay-at- 
the-pump  lanes,  a  24-hour 
convenience  store,  there’s 
even  a  carwash. 

Underground,  it’s  just  as  mod¬ 
ern.  The  14,250  gallon  tank  for 
super  unleaded  and  the  19,000 
gallon  tank  for  regular  (the  midgrade 
fuel  is  a  mixture  of  the  two)  are  larger 
than  the  10,000  gallon  norm.  Each  tank 


Drilling 

t  for  P\/or\/ 


Every 

Drop 

of  Value 


Reader  ROI 

►  Understand  how  a  best 
in-class  supply  chain 
operates 

►  Learn  how  IT  allowed 
ChevronTexaco  to  move 
from  a  supply-driven  to  a 
demand-driven  business 
model 


www.cio.com  •  JUNE  1.  2002  CIO  69 


Cover  Story  |  Supply  Chain  Management 


is  equipped  with  an  electronic  level 
monitor  that  conveys  real-time 
information  about  its  status  through 
a  cable  to  the  station’s  management 
system  and  then  via  satellite  to 
the  main  inventory  management 
system  for  ChevronTexaco,  the  San 
Ramon,  Calif.-based  oil  giant.  When 
Hasselman  tops  off  her  Toyota,  the 
Love  Lane  station’s  tanks  hold 
3,538  gallons  of  super  and  5,877  of 
regular.  Unless  the  tanks  are  filled 
soon,  the  station  will  run  out  of  gas. 

Of  course,  since  it  opened  in 
August  2001,  the  Love  Lane  Chev¬ 
ron  has  never  had  a  run-out. 


BEST-IN-CLASS  VS.  MEDIAN 

Inventory:  35  days  vs.  74  days 

Cash-to-cash  cycle:  36  days  vs. 
84  days 

Response  time  for  a  20%  rise  in 
demand:  9  days  vs.  20  days 


BEST-IN-CLASS  DEFINED  AS  THE  TOP 
20  PERCENT  IN  ITS  INDUSTRY. 

SOURCE:  2001  PRTM  BENCHMARKING  STUDY 


It’s  the  Demand,  Dummy 

During  the  past  10  years,  Chev¬ 
ronTexaco,  the  nation’s  eighth 
largest  company,  with  revenue  of 
$104  billion,  has  used  detailed  con¬ 
sumer  demand  data  to  all  but  elimi¬ 
nate  run-outs  and  retains  (the  indus¬ 
try  term  for  a  delivery  aborted 
because  the  tank  is  too  full) — the 
industry’s  twin  evils  (see  “Run-Outs 
and  Retains,”  Page  71).  That  data, 
and  the  integration  work  that 
fallowed  it  to  be  shared  across  the 
company,  improved  decision  mak¬ 
ing  at  every  point  in  what  the  industry  calls  the 
downstream,  or  customer-facing  supply  chain  that 
begins  once  the  oil  is  earmarked  for  the  refinery 
(as  opposed  to  the  upstream  chain,  which  includes 
hunting,  drilling  for  and  pumping  oil).  In  1997, 

Chevron’s  confidence  in  the  reliability  of  its 
demand  data  had  reached  the  point  where  the 
company  for  the  first  time  used  demand-forecast¬ 
ing  to  determine  how  much  oil  it  would  refine  on 
a  monthly  basis,  with  weekly  and  daily  checks, 
thereby  transitioning  the  company  from  a  supply-driven  to  a  demand- 
driven  enterprise.  That  first  year,  Chevron’s  downstream  profits 
jumped  from  $290  million  to  $662  million  on  the  same  refining 
capacity  and  number  of  retail  stations. 

Louie  Ehrlich,  ChevronTexaco ’s  CIO  for  global  downstream,  says 
that  while  it’s  difficult  to  isolate  the  exact  percentage  of  that  jump 
and  attribute  it  to  the  business  model  change — as  opposed  to  a  boom¬ 
ing  economy  and  the  increasing  ability  to  replace  human  workers 
with  technology — the  move  has  revolutionized  the  business.  “It  was 


a  fundamental  shift  to  take  the  customer  view,” 
he  says,  in  a  slow,  molasses-thick  Mississippi 
drawl.  “  [Before  the  shift]  we  acted  like  a  manu¬ 
facturing  company,  just  trying  to  make  products, 
when  really  the  market  was  customer-driven.” 

It  doesn’t  make  sense  to  manufacture  some¬ 
thing  simply  because  you  can,  but  that’s  exactly 
what  Ehrlich  says  thousands  of  companies  that 
don’t  match  production  to  customer  demand  are 
doing.  A  smart  company,  he  says,  realizes  that 
its  business  is  not  making  a  product,  it’s  selling  the  product.  Every 
time  you  make  too  much  or  too  little  of  whatever  it  is,  you’re  intro¬ 
ducing  cost  into  your  supply  chain. 

And  Cutting  Cost  Is  the  Name  of  the  Game 

John  Cross,  former  CIO  of  ChevronTexaco  rival  British  Petroleum, 
says  that  if  you  can’t  get  cost  out  of  your  supply  chain,  “indeed, 
you  are  dead,”  and  he  adds  that  this  is  an  area  where 
ChevronTexaco  has  done  particularly  well.  “They  are  heavily 


Louie  Ehrlich, 
ChevronTexaco’s 
CIO  for  global 
downstream, 
says,  “It  was  a 
fundamental 
shift  to  take  the 
customer  view.” 


t  < 


Best-in-Class 


How  supply  chain 
collaboration  pays  off 


70  CIO  JUNE  1,  2002  •  www.cio.com 


PHOTO  BY  ANDY  FREEBERG 


involved  with  SAP,  and  they  have  done  a  lot  of  good  work  with  back- 
office  systems  for  integrating  supply  and  demand,”  he  says,  refer¬ 
ring  to  an  ongoing  ChevronTexaco  project  to  integrate  the  view  of 
customer  data  across  the  company. 

But  in  1997,  the  year  Chevron  decided  to  let  demand,  and  demand 
only,  drive  production,  the  company’s  systems — station  manage¬ 
ment,  terminal  management,  transportation  coordination,  refinery 
scheduling  and  so  on — were  still  isolated  from  one  another.  Planners 
at  the  various  points  across  the  supply  chain  had  to  share  data  man¬ 
ually  or  flip  between  applications,  introducing  deadly  cost.  Since 
then,  the  company  annually  invests  about  $15  million  in  supply 
chain  technology  in  the  United  States  alone — a  figure  that  doesn’t 
include  the  $200  million  SAP  project  Cross  mentions.  With  the  help 
of  those  technologies,  which  include  proprietary  systems  that  capture 
real-time  data  and  even  more  advanced  planning  systems,  Chevron’s 

2000  profits  increased  by  more  than  $100  million  to  $778  million. 
Ehrlich  traces  all  the  improvements  back  to  the  switch  to  a  demand- 
driven  business  model,  which,  he  says,  “Allows  you  to  take  a  big¬ 
ger  picture  view  of  the  operation  because  you  have  information.  It 
allows  you  to  turn  the  information  into  knowledge.” 

The  Future  of  Business 

Peter  Wietfeldt,  a  director  in  the  Stamford,  Conn.,  office  of  consultancy 
PRTM,  says  ChevronTexaco ’s  supply  chain  provides  a  glimpse  into  the 
future.  “Since  about  the  mid-1990s,  we’ve  seen  companies  trying  to 
be  much  more  demand-driven  instead  of  just  supply-driven,”  he  says. 
“Not  all  industries  have  moved  as  far  and  as 
fast  [as  the  oil  industry],  but  there  are  certainly 
industries  that  can  almost  do  what  Chev¬ 
ronTexaco  can  do  in  their  ability  to  go  from 
exploration  to  the  pump.” 

For  the  companies  that  can  use  demand 
data  from  their  trading  partners  to  drive  pro¬ 
duction,  the  benefits  are  staggering.  PRTM’s 

2001  benchmarking  study,  which  followed  a 
segment  of  companies  across  industries  for 
three  successive  years,  found  that  best-in-class 
collaborators — defined  as  the  top  20  per¬ 
cent — operated  their  supply  chains  twice  as 
efficiently  as  median  companies.  These  com¬ 
panies  are  the  ones  best  able  to  monitor  the 
demand  and  adjust  their  production  or  inven¬ 
tory  accordingly,  says  Wietfeldt.  The  study 
found  that  best-in-class  companies  carried 
half  as  much  inventory  (35  days  versus  74), 
completed  the  cash-to-cash  cycle  more  than 
twice  as  fast  (36  days  to  84),  and  were  pre¬ 
pared  to  meet  a  sustainable  20  percent  rise  in 
demand  in  nine  days  compared  with  20  days 
for  the  median  businesses. 


“The  old  idea  of  ‘Let’s  just  be  better  at  forecasting  what’s  going 
to  happen  three  months  out  and  put  commitments  in  place  that  will 
allow  us  to  meet  that’  is  going  away,”  says  Wietfeldt.  “Companies 
are  realizing  that  the  only  accurate  demand  data  they  have  is  what  is 
going  to  happen  tomorrow.” 

In  other  words,  the  quicker  an  enterprise  can  incorporate  the  most 
recent  demand  data,  the  more  efficient  it  will  be.  And  the  only  way 
to  do  that  is  to  understand  what  is  happening  at  the  point  of  sale  or, 
where  possible,  the  point  of  consumption.  Of  course,  this  is  not  the 
type  of  data  that  manufacturers,  wholesalers  or  anyone  else  who 
doesn’t  sell  directly  to  the  end  consumer  typically  has  access  to.  In 
order  to  get  it,  says  Wietfeldt,  companies  need  to  “collaborate  with 
customers  and  share  information  up  and  down  the  supply  chain.” 

In  this  regard,  ChevronTexaco,  along  with  its  petroleum-producing 
counterparts,  is  in  a  unique  position  to  harness  the  advantages  of  cross¬ 
supply-chain  information  sharing  without  the  usual  barriers  of  cultural 
or  competitive  resistance.  The  petroleum  industry  is  the  last  haven  of 
the  massively  vertically  integrated  company.  ChevronTexaco  controls 
the  oil  from  the  time  the  company  finds  it  and  pumps  it  out  of  the 
sand  or  out  of  the  sea  to  when  you  fill  up  your  car  at  one  of  its  stations. 
And  ChevronTexaco  controls  all  the  information  from  every  pipe, 
tank,  ship,  distribution  point  and  way  station  along  the  way. 

Even  Chevron  Buys  Gas 

The  downstream  supply  chain  begins  on  an  office  floor  in  San 
Ramon  and  on  another  in  Houston,  where  oil  and  gasoline  traders 


Run-Outs  and  Retains 

The  cost  of  NOT  doing  business 


THE  PETROLEUM  INDUSTRY  is  broken  into  two  halves.  Upstream  covers  refining  and 
distribution.  The  goal  of  the  downstream  half  of  the  oil  industry  supply  chain  is  to  avoid 
both  run-outs  and  retains.  Run-outs  are  bad.  During  a  run-out,  not  only  is  the  station 
not  making  money,  it  is  turning  away  customers  who  will  then  fill  up  elsewhere  and  may 
never  return.  Retains— in  which  a  truck  is  unable  to  unload  a  delivery  because  there 
isn’t  enough  room  in  the  station’s  tanks  and  must  return,  full,  to  the  terminal— are  only 
slightly  better.  (Because  of  safety  and  environmental  policies,  once  a  truck  begins 
pumping  gas,  it  has  to  empty  its  tank;  if  it  can’t  empty  its  tank,  it  can’t  begin  pumping.) 
Every  time  a  truck  visits  a  filling  station,  it  costs  ChevronTexaco  about  $150.  If  a  visit  is 
wasted,  that's  $150  down  the  drain.  With  8,000  Chevron  stations  in  the  United  States 
averaging  a  delivery  every  36  hours,  retains  can  add  up  fast. 

Run-outs  and  retains  are  not  just  issues  for  the  retail  stations.  They  figure  in  at  every 
step  of  the  downstream  supply  chain,  which  begins  when  the  raw  crude  arrives  on  our 
shores  from  wherever  it  has  been  pumped  out  of  the  ground.  For  example,  a  tanker 
waiting  to  deliver  crude  to  a  refinery  can  be  charged  as  much  as  $30,000  a  day  in 
docking  and  unloading  fees.  Obviously,  the  more  efficiently  ChevronTexaco  walks  the 
line  between  run-outs  and  retains,  the  more  profitable  the  company  becomes.  -B.W. 


www.cio.com  •  JUNE  1,  2002  CIO  71 


are  looking  at  an  integrated  marketing  and  refining  sales  and  pro¬ 
duction  plan  to  decide  how  much  crude  and  how  much  gasoline  to 
buy  on  the  open,  or  spot,  market.  Traders  used  to  be  thought  of  as 
cowboys  who  relied  just  as  much  on  instinct  as  they  did  on  infor¬ 
mation.  Now  they  use  up-to-date  customer  demand  data. 

Regional  coordinating  teams  consisting  of  representatives  from 
refining,  marketing  and  logistics  use  the  same  data — the  information 
from  Love  Lane  multiplied  by  all  the  integrated  ChevronTexaco  filling 
stations,  plus  other  points  of  sale  such  as  airlines  and  trucking  com¬ 
panies — to  plan  a  refinery’s  load:  for  example,  50  percent  gasoline, 
30  percent  diesel  and  20  percent  jet  fuel.  ChevronTexaco,  however, 
sells  more  than  the  company’s  seven  domestic  refineries  can  produce. 
Most  of  the  difference  is  made  up  through  long-term,  agreements  with 
other  oil  companies.  But  those  agreements  don’t  take  into  account 
the  changes  in  demand  from  month  to  month,  says  Doug  Gleason, 
ChevronTexaco’s  regional  manager  of  product  supply  east. 

To  respond  to  those  changes,  ChevronTexaco  must  buy  gasoline 
on  the  spot  market.  In  any  given  month,  the  company  could  buy 
up  to  30  percent  of  its  gasoline  that  way.  “A  trader  just  bought 

72  CIO  JUNE  1,  2002  •  www. cio.com 


25,000  barrels  this  morning,”  says 
Gleason. 

The  shift  to  a  demand-driven 
model  and  the  continued  refinement 
of  the  demand-forecasting  technol¬ 
ogy  has  allowed  spot  buyers  to  dra¬ 
matically  cut  cost.  Before,  buyers 
would  react  to  supply  shortfalls, 
buying  the  gasoline  they  needed 
when  they  needed  it,  regardless  of 
price.  As  with  any  market,  when 
demand  spikes  so  does  price.  An 
accurate  forecast  at  the  beginning 
of  the  month  means  that  buyers 
know  exactly  how  much  they  need 
to  buy  and  can  spend  the  month 
-looking  for  bargains.  During  the 
course  of  a  month,  says  Gleason, 
buyers  can  average  savings  between 
a  quarter  to  a  third  of  a  cent  per  gal¬ 
lon.  That  can  add  up  to  as  much  as 
$400,000  a  month.  “Good  demand 
information  causes  a  person  to  time 
their  acquisitions  much  more  intel¬ 
ligently,”  he  says. 

Why  Keeping  Tank  108 
Filled  Is  Critical 

Tonight,  the  Love  Lane  Chevron  is 
scheduled  to  receive  3,150  gallons  of 
super  and  5,950  gallons  of  regular 
(gasoline  truck  tanks  have  three  compartments  and  hold  a  total  of 
10,000  gallons). 

Information  from  Love  Lane’s  monitors  is  sent  via  satellite  to 
ChevronTexaco’s  Customer  Order  Entry  and  Dispatch  Center  in 
Concord,  Calif.,  where  load  planning  software  minimizes  the  num¬ 
ber  of  deliveries  needed  to  keep  a  station  running  while  avoiding  run¬ 
outs  or  retains.  The  demand  forecasting  and  scheduling  system  has 
tentatively  planned  the  next  five  deliveries  as  well,  although  they 
will  be  updated  with  new  information.  The  demand  planning  sys¬ 
tem  from  Cambridge,  Mass. -based  Aspentech  is  new.  After  a  year 
in  development,  it  went  live  in  the  last  quarter  of  2001.  It  replaced 
an  8-year-old  system  designed  around  a  proprietary  algorithm  devel¬ 
oped  by  ChevronTexaco  mathematicians.  Early  returns  indicate  that 
the  new  system  will  reduce  transportation  cost  by  6  percent. 
Furthermore,  the  demand  data  stored  in  the  systems  will  inform 
every  decision  made  in  the  downstream  supply  chain. 

Shortly  after  1 1  p.m.,  a  truck  picks  up  the  gas  destined  for  Love 
Lane  at  the  Chevron  terminal  in  Avon,  about  a  half  hour  away. 
The  Avon  terminal  has  eight  tanks  ranging  in  height  from  43  feet 


PHOTO  BY  ROCKY  KNETEN 


to  54  feet,  two  truck-filling  lanes  and  a  one- 
story  tin-roofed  office  building  on  about  10 
acres  of  land.  Tank  108,  one  of  the  termi¬ 
nal’s  largest,  holds  2.5  million  gallons  of 
unleaded  gasoline.  It  is  70  percent  full  right 
now.  Trucks  enter  and  leave,  taking  9,100 
gallons  at  a  time.  Like  at  the  filling  station, 
terminal  inventory  is  tracked  in  real-time. 

The  terminal’s  inventory,  combined  with 
the  demand  data  from  the  stations  that  it  serves,  helps 
ChevronTexaco  determine  how  often  Tank  108  needs  to  be  filled. 

Avoiding  terminal  run-outs  isn’t  simply  a  matter  of  waiting  until 
a  tank  is  two-thirds  empty  and  then  filling  it  back  up.  Tank  108 
alone  takes  two  and  a  half  days  to  fill,  and  if  the  tank  is  low  when 
a  sudden  spike  in  demand  caused  by  unusually  warm  weather,  a 
sudden  drop  in  prices  or  a  special  event  like  the  Olympics  happens, 
the  event  could  run  it  out  and  force  delivery  trucks  to  be  rerouted 
from  terminals  farther  away,  adding  costs  up  and  down  the  supply 
chain.  A  bigger  problem  is  the  demanding  pipeline  schedule.  There 
are  only  a  limited  number  of  pipelines  from  each  refinery,  which 
are  reconfigured  based  on  the  target  terminal.  And  they  are  con¬ 
stantly  in  use.  When  Tank  108  isn’t  receiving  gas,  another  tank — 
or  another  terminal — is.  Schedulers  use  the  demand  data  and  the 
terminal  inventory  to  create  a  tank-refilling  plan  that  optimizes  the 
use  of  the  pipeline  for  all  the  terminals  a  refinery  serves. 

What  This  Means  to  You 

Information  technology,  which  enabled  business  to  capture  accurate 
demand  information  and  allowed  it  to  share  that  information  between 
systems,  made  the  move  to  a  demand-driven  business  model  possible. 
However,  Ehrlich  stresses  that  this  was  not  just  an  IT  project  but  a 


business-model  transformation.  The  systems 
that  managed  the  information  across  the  sup¬ 
ply  chain  were  important  but  not  as  impor¬ 
tant  as  how  the  business  used  the  information. 
In  fact,  even  today  most  of  ChevronTexaco’s 
downstream  supply  chain  systems  are  custom- 
built  and  poorly  integrated.  For  example,  the 
filling  stations  and  the  terminals  and  the 
refineries  all  have  separate  management  sys¬ 
tems.  Schedulers  and  traders  who  want  to  find  information  from  dif¬ 
ferent  parts  of  the  supply  chain  have  to  flip  back  and  forth  between 
applications.  ChevronTexaco  is  only  now  finishing  a  master  system, 
the  SAP  project  set  to  go  live  in  the  first  quarter  of  2003,  that  will 
replace  its  legacy  back-office  systems  and  a  suite  of  proprietary  termi¬ 
nal  and  refinery  management  systems.  But  for  now,  just  like  for  the 
past  five  years,  the  company  shares  information  by  linking  different 
systems  together  through  work-arounds — just  like  a  vertically  disin¬ 
tegrated  company  would  have  to  do. 

Dwight  Klappich,  an  analyst  with  Stamford,  Conn. -based  Meta 
Group,  says  that  from  a  technical  standpoint  any  company  could  do 
what  ChevronTexaco  is  doing;  companies  are  simply  reluctant  to  share 
numbers  that  have  traditionally  been  considered  closely  guarded  com¬ 
petitive  secrets.  If  Goodyear  knew  when  GM  was  almost  out  of  tires, 
it  could  replenish  the  carmaker’s  stock  before  it  ran  out,  saving  GM 
a  lot  of  grief  and  lost  revenue  opportunities.  But  GM  is  scared  that  if 
it  shares  the  low  inventory  information,  the  supplier  would  jack  up 
the  price.  The  only  collaborative  successes  to  date,  says  Klappich, 
“are  when  you  have  a  channel  master  that  can  dictate  participation.” 

Wal-Mart,  for  example,  is  famous  for  its  ability  to  combine  infor¬ 
mation  from  companies  across  their  supply  chain  with  demand  and 
inventory  data  from  its  stores  to  minimize  operating  cost  and  reduce 

prices.  Of  course,  that  requires  a  lot  from  its 
suppliers.  Nestle  USA,  for  example,  created 
a  vice-president-level  position  exclusively  to 
manage  business  with  Wal-Mart.  That’s  an 
illustration  why,  despite  the  myriad  advan¬ 
tages  of  collaboration,  change  is  slow. 

Ehrlich’s  own  experience  is  enough  to  con¬ 
vince  him  that  the  benefits  of  sharing  infor¬ 
mation  outweigh  any  possible  negatives. 
“Fundamentally  it  is  all  about  making  sure 
we  have  product  where  it  needs  to  be,  when 
it  needs  to  be  there,  in  the  cheapest  possible 
way  we  can  get  it  there,”  he  says.  The  bottom 
line  is  that  using  demand  information  is  simply 
“the  most  cost-effective  way  of  doing  it.”  HID 


Has  your  company  made  supply  chain  improve¬ 
ments?  Let  Staff  Writer  Ben  Worthen  know  at 
bworthen@cio.com. 


Bigger  Is  Better 

Why  Chevron  and  Texaco  merged 


THE  OCTOBER  2001  MERGER  between  Chevron  and  Texaco  produced  a  company  with 
$104  billion  in  annual  revenue  and  created  cost-cutting  opportunities  through 
economies  of  scale.  While  it  is  too  soon  to  report  any  long-term  savings  from  the 
merger,  says  Paul  Larson,  an  analyst  who  covers  ChevronTexaco  for  Chicago-based 
financial  analyst  Morningstar,  “that  is  clearly  what  the  market  is  expecting  and  what 
the  stock  price  indicates.”  Since  the  merger,  ChevronTexaco  stock  has  hovered  around 
$90  a  share. 

There  are  other  advantages  as  well.  The  combined  entity  now  has  operations  in  180 
countries  and  is  the  largest  oil  producer  in  the  lower  48  states.  John  Cross,  former  CIO 
of  competitor  British  Petroleum,  says  that  the  merger  makes  ChevronTexaco  a  global 
power.  “Being  midsize  helps  nothing.  The  old  companies  were  not  big  enough  to  take 
on  the  big  guys,  but  they  were  too  big  to  be  efficient  like  the  small  guys.”  -B.W. 


PEER  RESOURCES 


Point  of  sale  info  for 
nontechnology  execs 

To  share  more  on  customer  data  with 
your  peers,  e-mail  them  MAKING  USE 
OF  ALL  THAT  DATA  from  Darwinmag 
.com  at  www.cio.com/printlinks. 


www.cio.com  •  JUNE  1,  2002  CIO  73 


Copyright  ©2002  Genuily  Inc.  All  rights  reserved.  GENUITY,  GENUITY  and  Design,  BLACK  ROCKET  VOICE,  BLACK  ROCKET  and  the  Rocket  Design  are  each  trade 


Network  INTERRUPTION 


if  your  network  goes  down,  your  business  goes  down. 
And  suddenly  you're  going  nowhere  fast.  At  Genuity, 
our  mission  is  to  help  ensure  that  never  happens. 

With  Genuity's  Black  Rocket  Voice™  voice  and  data 
are  combined  on  a  single,  secure  IP  network.  Providing 


failover  support  to  your  existing  PBX  telephone  system.  And 
reducing  the  risk  of  downtime  as  the  result  of  planned  or 
unplanned  disruptions.  It's  a  smart  alternative  to  traditional 
switched  and  dedicated  long  distance  services. 

But  technology  is  only  part  of  the  story.  You  need  the 


vs.  Network  CONTINUITY 


right  people,  too.  At  Genuity,  our  experts  will  work  with  you 
to  help  ensure  the  continuity  of  your  business  by  planning 
for  the  unexpected.  We  can  assess  the  security  of  your 
entire  Web  infrastructure  to  identify  vulnerabilities  and 
mitigate  day-to-day  risks.  And  we  can  monitor  and  maintain 


your  network  24x7x365  to  reduce  the  likelihood  of 
unplanned  network  failures. 

For  further  information  call  1-800-GENUITY  or  visit  us 


at  genuity.com/continuity. 
And  keep  things  rolling. 


GENUITY 


Security 


Most  computer 
attacks  come  from 
outside  the  company. 

But  the  costliest 
ones  come  from  the 
inside.  Here’s  how 
to  manage  the  risk 
without  making 
honest  employees 
feel  like  crooks. 


When  John  Michael  Sullivan  moved  to  Charlotte,  N.C., 
to  help  develop  a  mobile  computer  program  for  Lance 
Inc.,  he  hung  up  an  old  plaque.  Inscribed  “Dr.  Crime’s 
Terminal  of  Doom,”  the  memento  celebrated  Sullivan’s 
youthful  love  of  the  movie  Indiana  Jones  and  the 
Temple  of  Doom— and  his  reputation  as  a  computer 
hacker  who  went  by  the  handle  Dr.  Crime. 

“I  was  a  hacker  long  before  being  a  hacker  was 
cool,”  Sullivan  wrote  on  a  webpage  the  FBI  later 
found  on  his  hard  drive, 


describing  his  affection 
for  the  plaque.  "More  than 
once  I  was  accused 
(falsely?)  of  perpetrating 
acts  of  computer  crime 
against  various  systems 
and  agencies.  But  regard¬ 
less  if  I  did  or  didn’t,  I 
never  got  caught....  And 


Reader  ROI 

►  Learn  why  your  biggest 
security  risks  are  inside 
your  organization 

►  See  how  guarding  against 
internal  threats  can  protect 
against  external  ones  too 

►  Discover  how  CIOs  balance 
the  need  to  trust  workers 
with  efforts  to  reduce  risks 


Security 


although  I  have  'settled  in’  to  a  real  job,  Dr.  Crime  still  lives. ..quietly,  anony¬ 
mously  and  discreet.” 

Or  not.  After  Sullivan  was  demoted  at  snack-food  maker  Lance  in  May 
1998,  he  planted  a  logic  bomb.  This  malicious  code,  set  to  execute  on  Sept. 
23, 1998,  the  anniversary  of  his  hire  date,  would  destroy  part  of  the  program 
being  written  for  the  handheld  computers  for  Lance’s  sales  force.  When  the 
bomb  went  off— months  after  Sullivan  had  resigned— more  than  700  sales¬ 
people  who  rove  the  Southeastern  United  States  with  truckloads  of 
Captain’s  Wafers,  Cape  Cod  Potato  Chips  and  Toastchee  crackers  couldn’t 
communicate  electronically  with  headquarters  for  days,  and  Lance  feared 
the  attack  might  cost  $1  million. 

The  evidence  Dr.  Crime  left  is  unique,  but  the  scenario?  Hardly.  Whether 
it’s  sabotage  or  the  theft  of  trade  secrets,  a  growing  number  of  companies 
are  learning  the  hard  way  that  their  biggest  security  risks  are  on  the  inside. 
Employees,  contractors,  temps  and  other  insiders  are  trusted  users.  They 
know  how  a  company  works,  and  they  understand  its  weaknesses— and 
that  gives  the  occasional  bad  apple  a  chance  to  really  make  things  rotten. 

Rather  than  handlingthe  situation  internally  as  somethingto  cover  up,  as 
do  many  companies  faced  with  insider  crime,  Lance  decided  to  act.  "We 
wanted  to  send  the  message  that  these  types  of  actions  were  not  accepted 
by  senior  management,”  said  Rudy  Gragnani,  vice  president  of  IS  at  the 
$583  million  company,  in  an  interview  that  his  edgy  legal  department 
allowed  him  to  conduct  only  via  e-mail.  "The  livelihood  of  our 
sales  representatives  was  being  impacted,  and  we  took  this 
situation  very  seriously.” 

In  April  2001,  the  then-40-year-old  Sullivan— who  also 
.wrote  on  that  webpage  that  he’d  relocated  from  New  York  to 
North  Carolina  to  give  his  family  a  better  quality  of  life— was 
sentenced  to  two  years  in  prison  without  parole  and  ordered 
to  pay  almost  $200,000  restitution.  He  lost  an  appeal  in 
February  2002. 

Damage  by  insiders  such  as  Sullivan  “is  an  incredibly  fast¬ 
growing  problem,”  says  Patrick  Gray,  who  worked  for  the  FBI 
for  20  years  until  he  retired  in  late  2001  to  join  Internet 
Security  Systems,  a  managed  security  company  based  in 
Atlanta.  "It’s  a  tough  threat  that  CIOs  are  going  to  have  to 
address.  Whether  you’re  a  Fortune  100  company  or  a  three 
or  four  person  company,  you  still  have  to  deal  with  that  bio¬ 
sphere  that  sits  between  the  keyboard  and  the  chair.” 

Supposedly  the  wake-up  calls  came  in  1996,  in  computer 
sabotage’s  most  famous  chapter,  when  a  former  systems 
administrator  at  Omega  Engineering  in  Bridgeport,  N.J., 
unleashed  malicious  code  that  cost  the  company  more  than 
$10  million;  in  February  2002,  Tim  Lloyd,  39,  was  sentenced 
to  41  months  in  federal  prison  and  ordered  to  pay  Omega 
more  than  $2  million  in  restitution. 


But  the  bells  are  still  ringing. 

This  past  January,  Cumming,  Ga. -based  soft¬ 
ware  vendor  NetSupport  worked  with  the  FBI 
to  arrest  a  sales  manager  who  allegedly  offered 
to  sell  the  company’s  customer  list  to  at  least 
two  competitors  for  $20,000. 

And  in  March,  the  FBI  arrested  a  former 
employee  of  Global  Crossing  on  charges  of 
identity  theft  and  posting  threatening  com¬ 
munications  on  the  Internet — this  after  he 
allegedly  posted  menacing  messages  and  per¬ 
sonal  information  at  his  website  (including 
Social  Security  numbers  and  birthdays)  about 
hundreds  of  current  and  former  employees  at 
the  communications  company. 

Those  cases  attract  wide  publicity,  yet 
observers  say  they  are  surprised  at  how  little 
companies  do  to  minimize  the  risk  posed  by 
employees.  “I’ll  talk  to  my  peers  in  other 
organizations,  where  it’s  sort  of,  ‘We  think 
we’re  protected — there’s  a  guy  downstairs  who 
takes  care  of  it,”’  says  Tim  Talbot,  senior  vice 
president  and  CIO  at  PHH  Arval,  a  fleet- 
management  company  based  in  Hunt  Valley, 


How  Harrah’s  Protects 
the  House’s  Money 

This  casino  chain  employs  IT 
and  other  security  tactics  to  reduce 
in-house  threats 

Harrah’s  Entertainment  has  every  need  to  trust  its  employees, 
and  every  reason  to  be  paranoid.  Employees  of  the  Las  Vegas- 
based  casino  chain  handle  $10  million  to  $15  million  in  cash  every 
day— as  much  as  the  country’s  largest  banks.  About  12,000  of  its 
47,000  employees  have  access  to  the  sensitive  information 
housed  in  Harrah’s  customer  relationship  management  system, 
which  keeps  track  of  how  customers  have  gambled  and  spent  on 
previous  visits  to  its  casinos  across  the  country. 

“There’s  an  implicit  trust  that  we  have  with  our  employees,” 
says  CIO  John  Boushy.  But  there  are  also  intense  checks  and 
balances  to  keep  everyone  honest— little  ways  that  add  up  to 
robust  security.  Here’s  a  checklist. 


78  CIO  JUNE  1,  2002  •  www.cio.com 


Md.,  that’s  a  subsidiary  of  the  Avis  Group. 
“OK,  so  the  guy  downstairs  has  never  made 
a  mistake,  knowingly  or  unknowingly?” 

Many  companies  don’t  do  enough  to  pro¬ 
tect  against  insider  threats  because  they  are 
leery  of  breaking  the  trust  they  have  built 
with  their  employees.  Treat  someone  like  a 
criminal,  the  thinking  goes,  and  he  might 
start  to  act  like  one.  The  good  news  is  that 
there  are  some  easy  ways  to  improve  inter¬ 
nal  security  without  making  honest  people 
feel  like  crooks — steps  that  will  help  protect 
against  external  threats  as  well.  Here  are  five 
things  you  can  do. 

Emphasize  Security 
from  Day  One 

Good  security  starts  with  whom 
you  hire,  and  that’s  why  it’s 
crucial  to  have  a  preemployment 
screening,  including  reference 
checks,  says  one  executive  who’s  been  there. 
“You  really  have  to  know  the  people  that 
you’re  hiring  and  make  sure  that  their  inter¬ 


ests  ally  with  yours,”  says  Craig  Goldberg, 
CEO  of  New  York  City-based  Internet 
Trading  Technologies,  which  successfully 
prosecuted  two  employees  who,  unhappy 
with  the  company,  attempted  extortion  and 
then  attacked  the  company’s  systems. 
(Goldberg  told  his  story  at  a  recent  CIO 
security  forum  webcast.  Find  it  online  at 
www.  cio.  com/p  rintlinks. ) 

CIOs  can  also  limit  the  damage  any  one 
employee  can  do  by  setting  up  access  con¬ 
trols  that  map  a  person’s  job  function  to  the 
resources  he  needs  to  do  that  job.  Do  that 
from  day  one,  and  your  company  can  avoid 
giving  the  impression  that  access  levels  have 
to  do  with  him  as  a  person — they’re  simply 
part  of  a  given  job  function.  (See  “Software 
Sentries,”  Page  80,  for  details  on  the  tech¬ 
nology  that  can  help  you  do  this.) 

Also,  there  should  be  checks  and  bal¬ 
ances  in  place  that  minimize  the  damage 
that  one  IT  employee  could  do.  One  per¬ 
son  might  be  in  charge  of  changing  files, 
another  in  charge  of  changing  the  network 


fabric  and  a  third  in  charge  of  modifying 
payroll  records.  “Most  big  computer  sys¬ 
tems  have  a  log-in  that  might  be  in  a 
generic  way  described  as  the  superuser,” 
says  Daniel  Geer,  CTO  of  managed  secu¬ 
rity  company  @Stake  in  Cambridge,  Mass. 
“If  I  gain  the  superuser  power  and  I  should 
not  have  it,  the  question  is,  How  far  does  it 
extend?  I’d  rather  not  have  the  power  to 
change  the  company  invested  in  one  per¬ 
son — not  because  I  don’t  trust  that  person, 
but  because  if  their  credentials  are  stolen, 
that  is  an  uncontainable  risk.” 

Build  Security 
from  the  Inside  Out 

These  access  controls  are  only 
the  first  step  toward  a  decreas¬ 
ing  emphasis  on  what’s  known 
as  perimeter  protection — secu¬ 
rity’s  equivalent  of  the  moat  around  a  castle. 
Surprisingly,  more  than  half  of  companies 
that  responded  to  one  CIO  survey  last  year 
don’t  have  critical  information  restricted  to 


PHYSICAL  SURVEILLANCE 

From  stairwells  to  the  data  center,  cameras 
are  installed  practically  everywhere  except 
inside  hotel  rooms. 

SECURITY  BADGES 

Employees  must  have  IDs  to  be  on  the 
casino  floor,  and  badges  are  revoked  when 
employees  leave  the  company. 

USER  ACCOUNT  MONITORING 

Employee  accounts  are  usually  closed 
within  a  day  of  their  leaving  the  company. 
Every  quarter,  managers  compare 
personnel  files  with  security  files,  looking 
for  discrepancies. 

DAILY  LOG  REVIEWS 

Every  night  at  each  property,  an  IT 
employee  reviews  significant  changes, 


such  as  a  change  to  a  customer’s 
credit  limit. 

CHECKS  AND  BALANCES 

At  least  three  people  are  involved 
whenever  it’s  time  to  replenish  the 
supply  of  chips  at  a  gambling  table.  Each 
employee’s  step  gets  documented. 

LIMITED  ACCESS  BASED 
ON  LOCATION 

Systems  are  configured  so  that  certain 
kinds  of  information  can  be  accessed  only 
in  certain  locations.  For  example,  someone 
behind  the  front  desk  couldn’t  submit  a 
request  to  send  more  chips  to  a  table. 

STRICT  ACCESS  TO  DATA  CENTERS 

To  enter,  an  employee  needs  to  type  iq  a 
password  that  changes  at  least  once  a 


month.  On  the  keypad,  the  way  numbers 
are  assigned  to  buttons  is  randomly 
generated  so  that  no  one  can  casually 
observe  an  employee  punch  in  numbers. 

LIMITED  ACCESS  TO  THE 
PRODUCTION  SYSTEM  When  an  IT 
employee  needs  to  make  a  change  to  the 
production  system,  which  handles  trans¬ 
actions  on  the  casino  floor  and  houses 
the  CRM  loyalty  program,  he  needs  to  call 
the  help  desk  for  a  temporary  user  ID. 

The  reason  for  the  change  is  logged,  and 
the  changes  are  monitored. 

Boushy  says  it  was  important  to  make 
sure  Harrah’s  built  such  security  steps  into 
its  operations  from  the  start.  “It's  just 
been  such  a  major  component  of  the  way 
we  operate  our  business,”  he  says.  -S.S. 


www.cio.com  •  JUNE  1.  2002  CIO  79 


Security 


a  confined  area,  separate  from  other  infor¬ 
mation  that  requires  less  security.  In  other 
words,  once  an  intruder  gets  over  the  moat, 
he  won’t  even  need  to  pick  a  lock  to  get  the 
crown  jewels.  “Some  corporations  run  hard 
on  the  outside  and  soft  on  the  inside:  Once 
you  get  in,  you  have  free  access,”  says  Larry 
Bickner,  vice  president  and  information 
security  officer  at  Nasdaq  in  New  York  City. 

To  protect  its  trading  floor,  Nasdaq 
takes  the  opposite  approach,  and  one  that 
experts  recommend:  progressive  harden¬ 
ing  from  the  inside  out.  “We  break  our 
world  into  various  trust  zones,  and  we  con¬ 
trol  who’s  within  that  zone  or  space,” 
Bickner  says.  “I  don’t  have  access  to  hu¬ 
man  resources  servers  or  systems.  It’s  not 
part  of  my  job.  We  have  a  completely  dif¬ 
ferent  trust  space  for  the  market  system, 
and  where  those  overlap,  we  control  those 


connections  very  strictly....  Even  if  one 
layer  isn’t  set  correctly,  the  other  layers 
compensate.  That  layering  gives  you  hard¬ 
ening.  Our  architecture  is  hardened  to  the 
point  that  when  you’re  on  the  inside,  it’s 
not  much  easier  to  get  at  things,  frankly, 
from  being  on  the  outside.” 

Make  Security 
Part  of  the  Culture 

Another  key  element  is  estab¬ 
lishing  a  culture  that  values 
security.  That  helps  keep  the 
honest  people  honest  and 
makes  it  easier  to  deal  with  people  who 
cross  the  line.  At  George  Washington 
University  in  Washington,  D.C.,  the  CIO 
and  his  information  security  officer,  Krizi 
Trivisani,  have  made  computer  security  part 
of  the  university’s  code  of  conduct  that  stu¬ 


dents,  faculty  and  staff  have  to  read  and 
sign  once  a  year.  “Policy  is  a  great  vehicle,” 
says  CIO  Dave  Swartz.  “Of  course,  you 
have  to  be  ready  to  enforce  the  policy,  and 
that’s  the  problem.  What’s  the  hammer?” 
Swartz’s  department  forwards  people  who 
break  security  policies  (including  students 
who  try  to  test  hacker  techniques  they’ve 
learned  in  class)  to  the  appropriate  discipli¬ 
nary  organization,  but  they  prefer  to  focus 
on  prevention.  The  IT  department  hosts 
regular  security  forums  and  invites  members 
of  the  legal  department,  compliance  office, 
and  audit,  policy  and  student  groups. 
“Education  and  awareness  is  a  very  pow¬ 
erful  tool,”  Swartz  says. 

CIOs  who  decide  to  implement  stricter 
policies  for  employees  should  be  doubly  sen¬ 
sitive  to  educating  users  about  reasons  for 
the  changes.  “This  is  a  classic  situation 


Software  Sentries 

Access  controls  and  administrative  tools  help 
limit  in-house  threats 

You  can’t  erase  every  in-house  security  threat.  But  there  is 
sbftware  to  help  you  manage  the  risks.  Steve  Hunt,  an  analyst  at 
Giga  Information  Group,  puts  the  software  into  four  categories. 

1.  AUTHENTICATION  SOFTWARE 

It  answers  the  question  Who  are  you?  Includes  passwords,  smart 
cards,  biometrics  and  single  sign-on  technologies.  Web  single 
sign-on  is  often  used  as  a  single  point  of  authentication  for 
browser-based  users  accessing  Web-based  applications. 
Leading  vendors  include  Netegrity  and  Computer  Associates. 

2.  AUTHORIZATION  SOFTWARE 

.  \ 

Operating  systems  such  as  Unix  and  Windows  NT  offer  modest 
protection  for  controlling  who  has  access  to  what  files. 

Systems  administrators  can  set  permission  levels  so  that 
certain  users  can  read,  write  or  execute  certain  files  or  folders. 
The  problem?  The  settings  are  time-consuming  to  configure 
and  easy  for  savvy  users  to  override.  Authorization  software, 
sold  by  Computer  Associates,  IBM  and  others,  enforces  the 
rules  you’ve  set  up. 


3.  ADMINISTRATION  SOFTWARE 

This  software  makes  access  control  a  little  neater.  Sold  by 
Access360,  BMC  Software,  IBM’s  Tivoli  Systems  and  others, 
administration  software  allows  companies  to  keep  track  of  all  their 
users  and  what  access  those  users  have  to  specific  data.  It  would 
allow  a  security  manager  to  place  one  call  instead  of  asking  25 
systems  administrators  to  change  access  levels,  Hunt  says.  A 
company  with  30,000  employees  would  spend  about  $1  million  on 
software  and  consulting  fees.  But  even  then,  Hunt  says,  a  savvy 
internal  hacker  could  cause  problems. 

4.  AUDIT  SOFTWARE 

BindView,  Counterpane  and  PentaSafe  offer  products 
and  services  for  answering  the  question  What  happened?  They 
report  security  events,  identify  anomalies  and  identify  trends. 
Companies  use  audit  info  to  improve  the  quality  of  their 
applications  as  well  as  security. 

Hunt  says  that  CIOs  can  solve  90  percent  of  the  threat  by  com¬ 
bining  the  use  of  tools  such  as  these  with  corporate  firewalls, 
internal  VPNs  and  network  intrusion  detection  tools.  “That  just , 
cost  you  $2  million  if  you’re  a  big  company,  but  you  have  to  ask 
yourself,  What  would  a  competitive  espionage  breach  cost  you  in 
market  momentum,  legal  fees  or  embarrassment?”  Hunt  asks. 
“That’s  when  you  take  a  walk  through  your  cubicles  and  try  to  see 
how  disgruntled  your  employees  are.”  -S.S. 


80  CIO  JUNE  1,  2002  •  www.cio.com 


of  separation  between  making  a  plan  and 


Is  your  infrastructure  ready 
for  Web  services?  How  long 
before  you  see  results?  Can 
.NET  connected  software  make 
a  difference?  This  quarter? 
Get  the  answers  before  the 
questions  start. 

microsoft.com/enterprise 


Microsoft 


Security 


where  what  your  culture  is  and  what  you’ve 
done  in  the  past  lays  a  foundation  for  future 
efforts,”  says  Mitchell  Marks,  an  organiza¬ 
tional  psychologist  in  San  Francisco.  “If  you 
don’t  explain  why  you  are  [increasing  secu¬ 
rity],  then  people  will  talk  about  it  at  the  cof¬ 
fee  machine,  fill  in  the  information  voids 
with  perceptions  that  are  probably  more 
negative  than  reality  [and  conclude]: 
Leadership  doesn’t  trust  us.” 

Watch  for 
Unusual  Activity 

Despite  those  precautions, 
companies  also  need  to  pro¬ 
tect  against  the  possibility  that 
those  levels  of  security  will  be 
broken.  At  Sony  Pictures  Entertainment, 
right  before  a  big  movie  release  like 
Spider-Man,  the  hacks  start  coming  from 
insiders  and  outsiders  who  want  to  get  a 
prereleased  version  of  the  movie  or  see  the 
stars’  salaries.  That’s  where  the  company’s 
intrusion  detection  system  (IDS)  steps  in, 
by  watching  for  unauthorized  activity. 
Employees  who  poke  around  for  inappro¬ 
priate  information  on  Sony’s  network  might 
generate  an  alert  that  lands  on  the  desk  of 
Jeff  Uslan,  director  of  information  protec¬ 
tion  and  security  at  the  Culver  City,  Calif.- 
based  company.  “The  system  would  tell  me 
your  machine  address  and  IP  address,”  he 
says.  “You  might  get  a  call  from  myself,  say¬ 
ing,  ‘Is  there  something  I  can  help  you  with, 
because  you’re  trying  to  get  into  these  files 
that  you  shouldn’t.’”  The  IDS  would  also 
help  Uslan  find  out  if  a  hacker  had  infil¬ 
trated  Sony’s  system  and  was  using  an 
employee’s  credentials  or  computer  to 
launch  an  attack. 

In  addition  to  an  IDS,  Oakland,  Calif.- 

cio.com _ 

How  can  you  deal  with  threats  inside 
your  company?  ASK  THE  SOURCE: 
PATRICK  GRAY  of  Internet  Security 
Systems  will  give  answers  for  the  next 
two  weeks  at  www2.cio.com/ask/source. 


based  shipping  company  APL  uses  a  product 
called  Silent  Runner,  from  a  company  by  the 
same  name,  to  get  a  visual  look  at  what’s 
happening  on  the  shipping  company’s  net¬ 
work — a  high  number  of  FTP  downloads, 
for  example,  or  unusual  activity  in  a  depart¬ 
ment  that  is  going  through  a  painful  reor¬ 
ganization,  or  even  e-mails  that  match 
keyword  searches.  “I  have  a  bird’s-eye  view 
of  what’s  happening,”  says  Van  Nguyen, 
director  of  information  security.  “I  don’t  nec¬ 
essarily  look  at  every  single  one  of  the  1 1,000 
employees,  but  when  I  need  to  I  can.” 

That  isn’t  enough  for  everyone,  of  course. 
Some  companies,  especially  ones  that  deal 
with  financial  transactions  or  other  sensi¬ 
tive  information,  will  have  to  go  to  a  more 
extreme  route  and  use  more  sophisticated 
monitoring  and  controls.  (For  a  checklist  of 
the  internal  controls  at  one  company  that 
deals  with  wads  of  cash,  see  “How  Harrah’s 
Protects  the  House’s  Money,”  Page  78.) 

Know  How  to  Let  Go 

A  little  sensitivity  when  some¬ 
one  leaves  the  company  can  go 
a  long  way  in  avoiding  retal¬ 
iation  or  sabotage.  (See  “How 
to  Fire  People,”  at  www.cio 
.com/printlinks.)  But  there  are  technical 
details  to  take  care  of  as  well.  It  can  take 
months  for  IT  departments  to  painstakingly 
close  the  accounts  of  a  former  employee. 
That  usually  happens  because  of  poor  com¬ 
munication  with  HR  or  because  there  are  so 
many  different  accounts  controlled  by  dif¬ 
ferent  systems  administrators,  which  is  a 
major  problem  not  only  because  employ¬ 
ees  might  attempt  to  access  system  resources 
but  also  because  hackers  can  take  advan¬ 
tage  of  inactive  accounts.  “We  see  a  lot  of 
companies  that  don’t  have  policies  to  can¬ 
cel  passwords  and  log-in  names  when  some¬ 
body  is  terminated,”  says  FBI  supervisory 
special  agent  David  Ford,  who  manages  a 
regional  computer  crimes  office  in  Atlanta. 
“You  would  think  that  would  be  the  first 
thing  that  would  happen,  but  a  lot  of  com¬ 
panies  don’t  take  the  basic  steps  you  would 
expect.  ” 


Until  recently,  the  New  York  City-based 
clothing  designer  Josephine  Chaus  was  no 
exception.  When  Ed  Eskew  became  vice 
president  of  IT  about  three  years  ago,  there 
was  no  formal  system  in  place  for  shutting 
down  accounts  of  employees  who  resign  or 
are  let  go.  Now,  human  resources  and  IT 
work  together  closely — a  process  that, 
unfortunately,  had  to  be  used  when  the  com¬ 
pany  recently  had  layoffs.  “The  moment  a 
person  is  called  from  their  desk  into  HR  for 
termination,  our  IT  people  will  go  to  their 
desk  and  remove  the  CPU”  and  change  the 
password  for  their  voice  mail,  Eskew  says. 
People  who  leave  the  company  voluntarily 
may  get  an  interim  password  with  limited 
access  during  their  notice  period. 

Sound  extreme?  Perhaps,  but  Eskew  says 
there’s  no  way  to  tell  how  someone  will 
react  to  being  fired.  “You  like  to  think  that 
people  will  behave  themselves  professionally, 
but  from  a  security  perspective,  how  do  you 
know?  How  do  you  explain  that  you  didn’t 
protect  against  that?” 

But  that’s  not  always  enough,  as  Lance 
learned  when  “Dr.  Crime”  ended  up  behind 
bars.  Now,  says  IT  chief  Gragnani,  “when 
someone  leaves  our  IT  department  under 
suspect  circumstances,  we  will  go  back  and 
review  the  program  changes  that  person  has 
implemented  recently.” 

It’s  another  prudent  move  for  IT  execu¬ 
tives  faced  with  securing  their  company’s 
assets.  But  it’s  not  like  they  have  to  spend 
all  day,  every  day  treating  their  colleagues 
as  suspects. 

Nasdaq’s  Bickner  uses  80  percent  of  his 
time  getting  people  to  do  the  right  thing  and 
only  20  percent  making  sure  no  one  does  the 
wrong  thing.  “Most  of  the  people  will  do 
the  right  thing  most  of  the  time,”  he  says. 
“We’re  counting  on  people  to  make  the  right 
decisions  and  training  them  to  do  that.  And 
the  more  you  succeed  on  average,  the  less 
you  begin  to  see  any  errant  behavior.”  BE] 


E-mail  Sarah  D.  Scalet,  senior  writer  and  security 
editor,  at  ss'ca I et@cio.com.  Sign  up  for  our  free 
newsletter,  the  “Security  &  Privacy  Update,”  by 
visiting  subscribe.cio.com/newsletters.cfm. 


82  CIO  JUNE  1,  2002  •  www.cio.com 


C  2002  Microsoft  Corporation.  All  rights  reserved.  Microsoft  is  a  registered  trademark  of  Microsoft  Corporation  in  the  United  Slates  and/or  other  countries. 


Will  Web  services  change  the 
way  you  do  business?  Will 
integrating  them  with  your 
infrastructure  mean  starting 
over?  Can  .NET  connected 
software  get  you  there  faster? 
Get  the  answers  before  the 
questions  start 

microsoft.com/enterprise 


. 


Microsoft’ 


STRATEGIC 


( and  do's ) 


As  you  write  your  company’s  next  IT  strategic 
plan,  don’t  repeat  these  classic  mistakes 

BY  DEREK  SLATER 


If  the  best-laid  plans  oft  go  astray,  can  we  expect  any  better  of  plans 
that  try  to  predict  a  company’s  growth,  competitive  landscape,  work  processes  and 
technology  requirements  three  to  five  years  from  now?  Those  are  the  ambitious 
goals  of  IT  strategic  plans— plans  that  are  frequently  threatened  with  obsolescence 
by  technology  changes  and  economic  upheaval  before  the  ink  even  dries. 

Many  CIOs  apparently  have  responded  to  those  forces  of  chaos  by  throwing  in  the 
towel  on  strategic  planning:  A  2002  Cutter  Consortium  survey  found  that  39  percent 
of  respondents  had  no  formal  IT  strategy  at  all.  But  in  fact,  chaotic  times  make  it 
more  necessary  than  ever  for  the  CIO  to  routinely  take  a  strategic  view.  “Everything's 
been  stable  and  good  here,  but  we  realized  that  we’d  been  putting  off  a  lot  of  major 
[IT]  decisions.  You  have  to  avoid  major  [problems]  by  looking  ahead,”  says  Malcolm 
Fields,  CIO  of  Hon  Industries,  a  $1.8  billion  office  furniture  and  hearth  products 
manufacturer  in  Muscatine,  Iowa.  Fields,  Hon's  first  CIO,  is  in  the  midst  of  writing  his 
company’s  first-ever  IT  strategic  plan.  Prior  to  his  appointment,  he  says,  “we  just 
never  had  anyone  far  enough  out  of  the  trees  to  see  the  forest.” 


Reader  ROI 

►  Understand  why  it’s  a  mistake 
to  ignore  strategic  planning 

►  Learn  what  not  to  do  when 
writing  a  strategic  plan— and  why 

►  Discover  the  ways  some  CIOs 
are  aligning  business  plans  with 
IT  strategic  plans 


00 

QC 

UJ 

3 

< 


CD 

o 

I — 

o 

X 

Q_ 


84  CIO  JUNE  1,  2002  •  www.cio.com 


Adecco  NA  CIG 
Arnie  Rind  says  that 
strategic  planners  who  listen 
only  to  executives  and  ignore  field 
employees  do  so  at  their  peril. 


/ 


BMP 


i8»;  .:■■  a  sras 

I 


Strategic  Planning 


It’s  the  looking  ahead  part  that  makes  planning  strategic.  All 
IT  strategic-planning  primers  start  with  the  same  instruction: 
Imagine  the  desired  future  state  of  the  company.  With  that 
vision,  CIOs  can  then  analyze  the  present  state,  compare  the  two 
to  identify  gaps,  and  start  to  draw  a  road  map  for  closing  those 
gaps  and  getting  the  company  to  the  goal.  Project  prioritiza¬ 
tion,  risk  analysis,  and  an  analysis  of  the  likelihood  of  changes  in 
the  industry  and  technology  are  also  well-established  basics  in 
the  strategic-planning  process.  However,  that  simple-sounding 
recipe  masks  some  of  the  complexities  and  finer  points  of  the 
strategic-planning  process.  What  follows  is  a  list  of  five  common 
errors  in  the  IT  strategic-planning  process,  and  tips  from  CIOs 
on  evading  those  land  mines  and  creating  a  plan  that  works. 

DON’T  Start  with  the  Business  Plan 
(DO  Start  Before  the  Business  Plan) 

The  first  direction  typically  parceled  out  for  writing  an  IT 
strategic  plan  is  to  start  with  the  business  plan.  Here’s  a  bit  of 
heresy:  “Start  with  the  business  plan”  is  misleading  advice  for 
two  reasons. 

First,  he  who  waits  for  the  business  plan  to  hit  his  desk  is 
starting  too  late.  In  fact,  that  CIO  may  never  get  started  at 
all — in  the  aforementioned  study  by  Arlington,  Mass. -based 
Cutter  Consortium,  almost  a  third  of  the  respondents  had  no 
formally  articulated  business  plan  at  all.  But  even  at  organi¬ 
zations  that  do  formal  business-strategy  planning,  the  CIO 
needs  to  participate  in  the  creation  of  that  plan  rather  than 
waiting  for  it.  CIOs  play  a  crucial  role  in  counseling  execu¬ 
tive  leaders  about  new  business  possibilities  opened  by  tech¬ 
nology — a  classic  example  being  the  new  business  channel 
opened  by  the  emergence  of  the  Web.  If  the  CIO  doesn’t  fill  the 

Doing  It  Right 

5  tips  for  sound  strategic  planning 

1.  Keep  business  execs  informed  about  what  technology 
might  make  possible. 

2.  Involve  everyone  in  the  IT  planning  process,  from  the  board- 
room  to  the  shop  floor.  It’s  time-consuming,  but  it  increases 
alignment  and  buy-in. 

3.  Write  your  strategic  plan  at  the  right  level  of  detail;  non-IS 
employees  should  be  able  to  make  sense  of  it.  Save  the  network 
protocol  acronyms  for  subdocuments  and  action  plans. 

4.  Create  a  process  for  communicating  your  IT  strategy  to  the 
company,  and  include  a  section  on  how  you're  going  to  measure 
your  progress  toward  the  plan. 

5.  Use  contingency  and  scenario  planning  but  also  have  a 

process  or  organizational  structure  that  allows  rapid  response 
to  unforeseen  events.  -D.S. 


function  of  advanced  technology  scout,  the  competitors’  CIO 
will,  giving  the  competition  a  huge  advantage.  (For  more  on 
the  CIO’s  role  as  technology  scout,  see  “How  to  Succeed  in 
Strategic  Planning,”  at  www.cio.com/printlinks.) 

“Historically,  strategic  planning  for  the  CIO  has  meant  dis¬ 
cerning  the  business’s  strategy  and  then  trying  to  achieve  it. 
Today  I  think  [the  CIO’s  role]  cannot  be  reactive,”  says  Darrell 
Rigby,  a  director  at  consultancy  Bain  &  Co.  in  Boston.  “The 
CIO  has  the  capability  to  see  where  the  basis  for  competition 
will  be.”  That  is  not  to  say  that  CIOs  should  write  their  IT 
strategy  independently  and  then  attempt  to  force  the  business 
strategy  to  match  it.  Rather,  the  point  is  that  both  the  business 
plan  and  the  IT  plan  should  be  written  collaboratively  by  the 
entire  executive  team,  including  the  CIO. 

The  second  problem  with  the  “start  with  the  business  plan” 
mantra  is  that  even  formal  business  plans  are  often  incomplete 
for  IT  purposes.  Business  strategies  are  typically  written  at  a 
very  high  level.  They  frequently  talk  about  markets,  sales  and 
distribution  channels,  and  growth  targets — but  rarely  address 
how  the  company  gets  its  work  done.  Business  processes — 
that’s  a  place  where  IT  can  drive  vital  change  and  add  enor¬ 
mous  value. 

That  is  precisely  Fields’  focus  in  writing  Hon  Industries’ 
three-year  strategic  plan.  Hon  comprises  seven  operating  com¬ 
panies.  Fields  wants  to  know  how  each  of  Hon’s  business  units 
intends  to  conduct  business.  To  understand  that  future  state, 
Fields  says,  “we  work  with  the  operating  company  presidents 
and  their  direct  reports.  Take  a  business  process  like  make-to- 
ship — how  are  we  going  to  handle  production  and  distribu¬ 
tion  in  three  to  five  years?”  That  discussion  yields  ideas  and 
goals  that  aren’t  spelled  out  in  the  corporate  strategic  business 
plan.  (Fields  says  he  uses  a  formal  methodology  called  Value 
Stream  mapping  for  capturing  current  and  intended  future 
process  definitions.)  From  there,  Fields  follows  the  typical  steps 
of  gap  analysis  and  risk  analysis.  “From  all  this  we  derive  a 
plan  that  says  we  have  to  move  off  of  this  system  or  modify 
that  one,”  he  says.  In  Hon  Industries’  case,  the  IT  strategic 
plan  will  come  in  the  form  of  a  set  of  small  booklets,  one  for 
each  of  the  company’s  business  units. 

DON’T  Just  Listen  Up 
(DO  Listen  Down  as  Well) 

Ignoring  the  executive  board’s  wishes  in  the  IT  strategic-planning 
process  clearly  would  be  career  suicide.  CIOs  report  a  variety 
of  methods  for  making  sure  those  wishes  are  reflected  both  in 
their  plans  and  in  the  execution.  At  Nationwide  Mutual 
Insurance  in  Columbus,  Ohio,  for  example,  CIO  George 
McKinnon  says  every  single  FT  project  is  sponsored  by  a  senior 
vice  president  and  business  sponsor  (and  with  $30  billion  in 
revenue,  Nationwide  has  “several  hundred”  IT  projects  going 


86  CIO  JUNE  1,  2002  •  www.cio.com 


ORDERS  ABE  OBI  TIME.  EVERYONE'S 

IN  THE  LOOP  CUSTOMERS  ABE  HAPPY. 

(AN  ADAPTIVE  SUPPLY  CHAIN  IS  A  BEAUTIFUL  THING.) 

A  business  is  a  jigsaw  puzzle  of  people,  products  and  processes.  And  because  it’s  constantly 
in  flux,  it’s  hard  to  predict  what,  when.  The  mySAP™  Supply  Chain  Management  Solution  connects 
you  with  your  customers,  partners  and  suppliers,  so  you  can  adapt  on  the  fly  to  shifts  in  supply  and 
demand.  It  also  offers  higher  visibility  and  covers  all  the  bases  —  from  planning  and  execution  to 
networking  and  coordination.  Which  makes  it  the  only  adaptive  SCM  solution  that  can  turn  a  supplv 
chain  into  a  profit  center.  To  find  out  how  you  can  optimize  your  supply  chain,  go  to  sap.com/scm 


THE  BEST-RUN  E-BUSINESSES  RUN  SAP 


Strategic  Planning 


"  i®-1 


Nationwide  CIO  George  McKinnon 
says  that  a  healthy  organization  has 
a  mix  of  technology  risk  levels. 


at  one  time).  While  the  senior  vice  presidents 
don’t  micromanage  these  projects,  they  are  aware 
of  the  budget  requirements  and  reasons  for  each, 
which  keeps  the  company’s  top  leadership 
involved  in  the  IT  group’s  strategic  planning. 

However,  Arnie  Rind,  CIO  of  staffing  com¬ 
pany  Adecco’s  North  American  operations 
(based  in  Melville,  N.Y.),  has  an  important 
reminder  about  gathering  other  input:  Don’t  for¬ 
get  the  little  people. 

That’s  not  only  because  they  have  good 
ideas — which  they  frequently  do.  “I  often  say 
that  we  in  corporate  say  we  know  what’s  going 
on  with  the  business,  but  the  people  in  the  field 
really  know,”  says  Rind.  Line  of  business 
employees  can  offer  honest  feedback  on  what’s 
working,  what’s  failing  and  what’s  missing,  and 
all  that  information  can  feed  back  to  make 
stronger  prioritization  decisions  in  the  strategic- 
planning  process.  Rind’s  plan  is  to  conduct  sev¬ 
eral  internal  focus  groups  as  he  rewrites  Adecco 
NA’s  first  IT  strategic  plan.  And  he  plans  to  do 
it  on  a  budget.  “You  can  piggyback  this — we’ve 
got  a  sales  meeting  coming  up,  let’s  get  them  advance  ques¬ 
tionnaires  to  get  their  wish  lists  and  carve  out  some  time  at  the 
meeting  to  talk  about  this,”  Rind  says.  An  example  of  end  user 
input  that’s  already  on  Rind’s  radar:  The  “associates”  (temps) 
whom  Adecco  places  in  work  assignments  used  to  get  assign¬ 
ments  by  phone  and  checks  by  mail.  “Now  they  need  more 
than  that — they  need  to  get  on  the  Net,  see  their  next  assign¬ 
ment,  see  their  year-to-date  [income]  information,  when  the 
last  check  was  mailed,”  says  Rind. 

Just  as  important  as  the  actual  feedback,  though,  is  the  mes¬ 
sage  that  inclusion  sends  throughout  the  company.  Business 
employees  get  one  of  two  messages  from  IT:  either  that  IT  lis¬ 
tens  or  that  it  doesn’t.  Soliciting  input  from  workers  in  various 
functions,  and  then  using  it  in  the  planning  process,  communi¬ 
cates  the  former,  Rind  says.  “The  people  running  operations, 
payroll,  whatever — we  want  to  include  these  groups.  We’re 
not  going  to  paint  this  picture  strictly  within  IT,”  says  Rind. 

Rind  joined  Adecco  in  July  2001.  Adecco  NA’s  Switzerland- 
based  parent  (Adecco  SA)  was  formed  by  the  1996  merger  of 
Adia  and  Ecco,  and  Rind  says  the  company’s  IT  resources  until 
then  were  consumed  almost  entirely  by  the  process  of  knit¬ 
ting  the  two  together  and  getting  proprietary  front-office  soft¬ 
ware  (called  Custom  Match)  rolled  out  to  800  offices.  “I’d 
like  to  take  the  credit  for  that,  but  they  had  already  finished 
when  I  got  here,”  he  laughs.  “So  for  the  new  year,  I  said  I 
would  like  to  put  together  a  strategy  plan  other  than  just  get¬ 
ting  these  two  companies  merged.” 


Nationwide’s  Take  on 
Technology  Risk 

Some  CIOs  take  a  particular  stance  on  bleeding-edge  technology, 
encapsulating  their  company's  willingness  to  accept  technical  risk 
(for  example:  "We  want  to  be  fast  followers”).  George  McKinnon, 
CIO  for  Nationwide  Mutual  Insurance  in  Columbus,  Ohio,  says  this 
is  his  take  on  assessing  and  managing  risk:  “I  think  one  philosophi¬ 
cal  statement  does  not  reflect  all  aspects  of  a  larger  organization. 

In  an  environment  like  ours,  there  are  certain  areas  where  it’s 
necessary  to  be  very  risk-averse;  for  example,  we  are  regimented 
about  [insurance]  rate  changes  and  things  like  that  which  are 
regulated.  But  there’s  also  a  need  for  experimentation  and  piloting. 

“We  are  realistic;  not  every  good  idea  that  comes  up  is  going  to 
go  into  production.  For  example,  for  a  couple  of  years  now  we’ve 
seen  wireless  claims-estimating  tools.  It's  a  really  neat  product, 
and  we  tested  it  ourselves  maybe  18  months  ago  but  didn’t  see  the 
return  we  wanted,  and  we  didn’t  go  forward  with  it.  The  wireless 
insurance  quote  is  also  neat,  and  we  could  have  done  that  too,  but  I 
just  don’t  see  someone  sitting  in  the  airport  wanting  to  do  a 
wireless  check  on  their  insurance  rate. 

“But  you  have  to  be  aware  of  what’s  out  there,  and  I  would  say  if 
you’re  always  following,  you’re  suboptimizing  your  technology 
investment  somewhat. 

“So  a  healthy  organization  has  a  mix  [of  risk  levels]."  -D.S. 


88  CIO  JUNE  1,  2002  •  www.cio.com 


PHOTO  BY  DAVID  COOK 


Tired  of  Your  High-Maintenance  Relationship 

with  Storage? 

“ You  are 
working 
this  weekend, 
otherwise,  NO 
file  sharing 
on  Monday 
morning!” 


“Why  are  we 
paying  ALL  this 
money  for  outside 
consultants?  Aren ’t 
you  supposed  to 
be  the  storage 
expert?” 


“We  spent 
HOW  MUCH 
on  some  server? 
I  could  buy  a 
house  for 


f  “ What  do 
y  ou  mean  the 
system  is  going 
to  be  down  for 
k  HOURS?” 


Introducing  Guardian™  Network  Attached  Storage 
Simple,  Cost-Effective  Storage  for  the  Enterprise 


1.4TB/3U...under  $25,000 

The  new  Quantum  Guardian™  14000 
server  eliminates  cost  and 
complexity  from  your  storage 
infrastructure.  Deployment  is  quick 
and  easy,  with  no  downtime.  That  should 
save  some  headaches.  And  the  low  acquisition  cost  combined 
with  its  high  availability  and  minimal  administration  helps  you  live 
within  your  budgets.  Yet  you  still  enjoy  the  enterprise-class  security, 
management  and  performance  your  environment  demands.  The  new 
Quantum  Guardian™  14000  servers... building  blocks  for  simple, 
scalable  storage  growth.  Visit  www.auantum.com/Guardianl4000 
for  an  interactive  demo. 


Specs  •  1.4TB  •  3U  •  Dual  Gigabit  Ethernet  •  Supports  Windows/ 
UNIX/ Linux/Macintosh  Environments  •  Journaling  File  System 

•  Standard  On-site  Support 

Security/Management  *  Microsoft  Active  Directory  Service  (ADS) 

•  Kerberos  Authentication  •  UNIX  Network  Information  Service  (NIS) 

•  SNMP  •  Encryption  •  File  and  Folder  Security  •  Quotas  for  Users 
and  Groups1 

Availability  •  RAID  5,1,0  •  12  Hot-swappable  Disk  Drives 

•  Redundant,  Hot-swappable  Power  Supplies  and  Cooling  Fans 

•  Dual  Ethernet  for  Load  Balancing  and  Failover  •  Dual  Power  Cords 

Data  Protection  •  Snapshots  •  Backup  Agent  Support  (VERITAS 
NetBackup  and  Backup  Exec,  CA  ARCserve,  Legato  NetWorker) 

•  Server-to-Server  (S2S)  Synchronization  Software  •  Local  Backup  via 
SCSI  Port2  •  APC  Smart-UPS  Support  •  Unlimited  User  License 
PowerQuest  DataKeeper  (for  Windows  Client  Backup) 


1.888.343.7627  •  www.quantum.com 


Quantum, 


Strategic  Planning 


3  DON’T  Sweat  the  Details 
(The  Specifics  of  Execution 
DO  Belong  in  Another  Document) 

IT  strategic  plans  need  to  be  written  with  an  appropriate  level 
of  detail.  The  right  level  of  detail  fulfills  two  requirements. 
One  is  that  it  should  allow  enough  wiggle  room  so  that  the 
IT  group  will  be  able  to  change  implementation  details  with¬ 
out  rewriting  the  strategic  plan.  The  second  is  that  the  plan 
will  be  comprehensible  to  non-IS  executives. 

At  Nationwide,  the  IT  strategic  plan,  or  “blueprint,”  is  lim¬ 
ited  by  decree  to  100  pages.  (“It  used  to  be  50  pages,  but  then 
the  technical  guys  went  double-sided  on  me,”  says  CIO 


McKinnon.)  That  means  there  isn’t  room  to  describe  the  entire 
data  warehousing  architecture  in  detail — and  that’s  intentional, 
McKinnon  says.  Each  subsection  of  the  overall  plan  is  broken 
out  into  subdocuments  that  get  into  the  nitty-gritty.  These  sub¬ 
documents  are  not  part  of  the  official  strategic  plan.  “If  you 
get  too  detailed  in  a  particular  area,  you’re  not  going  to  be 
able  to  use  the  [strategic  plan]  document”  to  communicate  to 
the  rest  of  the  organization,  says  McKinnon. 

Jeff  Balagna,  senior  vice  president  and  CIO  at  medical  device 
maker  Medtronic — a  $5.5  billion  global  company  based  in 
Minneapolis — follows  a  similar  approach.  “The  strategic  plan 
is  a  high-level  document.  It  has  the  business  imperatives,  the 
problems  we’re  trying  to  solve.”  That  plan  goes  into  a  “sum¬ 
mit”  meeting  of  business  unit  IT  leaders,  who  break  the  plan 
into  projects  with  owners,  teams  and  deadlines. 

Another  common  approach  is  to  divide  the  strategic  plan 
into  two  sections.  One  describes  applications  or  solutions  for 
particular  business  units  or  functions.  The  other  section  per¬ 
tains  to  infrastructure  requirements,  software  upgrades  and 
architectural  detail.  That  further  shortens  and  simplifies  the 
reading  for  business-line  folks,  who  can  focus  on  the  solutions 
section  and  gloss  over  the  architecture  if  they  so  choose. 

DON’T  Let  It  Collect  Dust 
(DO  Make  Sure  the  Plan  Gets  Executed) 

The  worst  strategic  plan,  of  course,  is  one  that  sits  in  an 
unopened  binder  on  the  CIO’s  bookshelf. 

Nationwide  has  a  formal  communication  process  for  rolling 


out  its  three-year  plan.  All  IT  employees  are  required  to  read 
the  plan,  which  is  posted  on  an  intranet,  and  are  further 
required  to  satisfactorily  complete  a  10-question  quiz  about 
its  contents.  Many  business-side  employees  read  the  document 
in  its  entirety  too,  and  some  go  so  far  as  to  complete  the  quiz 
(although  McKinnon  notes,  “We  aren’t  quite  sure  what  to  do 
with  their  scores.”) 

At  Nationwide,  all  IT  projects  are  tied  back  to  the  strategic 
plan,  and  all  projects  of  more  than  $250,000  are  continually 
evaluated  as  they  move  forward  to  ensure  that  they  are  hit¬ 
ting  their  designated  milestones.  That  is  where  the  senior  vice 
president  executive  sponsorship  kicks  in.  Top  leaders  receive  a 

monthly  “stoplight”  report  with 
each  project  assessed  as  red,  yel¬ 
low  or  green  depending  on  its 
progress.  The  color  assigned  to 
each  project  is  the  result  of  inde¬ 
pendent  evaluation  by  three 
groups:  the  business-side  group 
that  requested  the  project,  the 
finance  group  and  the  IT  func¬ 
tion’s  project  management  office.  And  those  progress  reports 
are  discussed  at  a  monthly  meeting — which  lasts  only  a  half 
hour.  “We  only  talk  about  the  concerns — so  if  you’re  talking, 
it’s  not  necessarily  a  pleasant  thing,”  says  McKinnon.  With 
this  follow-through,  Nationwide  makes  sure  its  strategic  plan  is 
being  turned  into  action. 

But  DON’T  Bronze  the  Plan  Either 
(DO  Create  Flexibility  Through  Scenario 
Planning  and  Frequent  Review) 

Plans  are  necessary,  but  plans  change.  Medtronic  is  in  acquisi¬ 
tion  mode — absorbing  as  many  as  11  companies  in  four 
years- — and  CIO  Balagna ’s  strategic  plan  covers  only  one  year 
(tied  to  the  budgeting  cycle).  Even  at  that  short  span,  he  says,  “I 
tell  my  people,  don’t  bronze  the  plan.  Five-year  plans?  Oh, 
that  my  crystal  ball  would  work  so  well.” 

Bain’s  Rigby  says  that  contingency  planning  and  scenario 
planning  are  two  underappreciated  and  necessary  steps  in  writ¬ 
ing  an  IT  strategy.  “Contingency  plans,  both  short  term  and 
longer  term,  have  to  be  worked  out  in  advance  with  the  busi¬ 
ness  heads.  You  have  to  say,  ‘Here’s  how  I  would  rank-order 
our  expenses,  so  if  the  CEO  says  we  have  to  cut  by  30  per¬ 
cent,  these  are  the  ones  I  would  drop— what  do  you  think?”’ 
says  Rigby.  He  says  the  process  helps  cement  business  align¬ 
ment  and  support,  or  at  least  that  the  CIO  can  “tease  out  weak¬ 
nesses  in  your  budget  beforehand”  instead  of  being  blindsided 
in  a  downturn.  “If  you  don’t  prioritize  investments,  someone 
else  will  do  it  for  you,”  he  says. 

Scenario  planning  is  equally  important  and  seems  to  be  a 


A  2002  Cutter  Consortium  survey  of  CIOs 
found  that  39  percent  of  respondents  had 

no  formal  IT  strategy  at  all. 


90  CIO  JUNE  1,  2002  •  www. cio.com 


WHAT  KIND  OF  DECISIONS  DOES  SAP  MAKE? 
SMART  ONES. 


Arriving  at  a  smart  business  decision 
can  happen  anywhere.  But  the  process 
first  requires  information;  information 
that  needs  to  be  gathered  from 
multiple  sources,  then  analyzed 
and  shared  before  it  can  be  used  to 


your  advantage. 

SAP,  the  world  leader  in  e-business 
platforms,  is  focused  on  finding  new 
ways  to  help  their  customers  lower 
costs  and  increase  revenues. 

That's  why  SAP  chose  Crystal  Decisions'^ 


web  reporting  technology  and 
expertise  -  to  help  their  customers 
better  utilize  information  through 
formatted  reporting  for  competitive 
advantage. 

Crystal  Decisions,  makers  of 


Crystal  Reports®,  met  SAP's  demanding 
standards.  We're  confident  we  can 
meet  yours.  To  see  how,  call  us  at: 
1-866-82T3525  or  sign  up  for  a  seminar 
at:  www.crystaldecisions.com/ent/006/ 


Access.  Analyze.  Report.  Share/ 


crystal  decisions 


A  SEAGATE  COMPANY 


PERSPECTIVES 


October  6  -  8,  2002 
Loews  Coronado  Bay  Resort 
Coronado,  California 


DIFFERENT 


THE  SUCCESS  OF  ANY  IJ.  OR  BUSINESS  INITIATIVE 

\ 

relies  on  our  ability  to  build  strategic  partnerships  with 
corporate  and  business  unit  management,  key  suppliers, 
vendors  and  customers.  That  success  will  only  come 
when  many  different  voices  embrace  shared  visions. 

To  get  there,  we  need  solid  strategies,  clear  prioritiza¬ 
tion,  understanding  and  buy-in— along  with  the  right 
infrastructure  and  resources  in  place.  Join  us  as  your 
CIO  peers  share  visions  on  ways  to  create  new  business 
value,  a  higher  ROI  and  more  strategic  deployment  of 
technology. 

Corporate  Hosts  n 


Strategic  Planning 


bit  of  a  lost  art  after  a  decade  of  con¬ 
tinuous  economic  growth,  according 
to  Rigby.  Scenario  planning  simply 
means  creating  plans  for  reacting  to 
specific  possible  future  events  outside 
the  company.  Hon  Industries  does 
scenario  planning  for  what  it  calls 
“game-changing  events,”  but  these  possible  events  are  the  sort 
of  detail  companies  are  unwilling  to  discuss,  for  competitive 
reasons.  However,  Rigby  notes  two  common  events  that  nearly 
every  company  should  plan  on.  One  is  competitive  mergers  and 
alliances:  What  happens  if  you’re  the  industry’s  number  one, 
and  number  two  merges  with  number  three?  Rigby  notes  that 
the  first  company  in  this  scenario  will  want  to  pay  particular 
attention  to  its  CRM  plans;  the  merger  of  the  smaller  com¬ 
petitors  frequently  gives  them  the  ability  to  combine  their  sep¬ 
arate  customer  views  and  “triangulate”  to  determine  which 
customers  are  most  profitable,  for  example.  Rigby’s  other  com¬ 
mon  scenario  planning  need  is  for  possible  supply  chain  dis¬ 
ruption  in  the  post- 9/1 1  world. 

At  Medtronic,  Balagna  relies  less  on  scenario  planning  and 
more  on  his  organizational  model  to  create  an  ability  to  respond 


quickly  to  changes  of  fortune  such  as 
mergers  or  industry  upheaval.  Balagna ’s 
organizational  model  includes  a  global 
technology  council,  made  up  of  the  IT 
leaders  from  each  of  Medtronic’s  busi¬ 
ness  units  around  the  world.  The  coun¬ 
cil  meets  roughly  every  two  months  to 
review  the  appropriateness  of  the  company’s  ongoing  strategy, 
make  adjustments  if  necessary  and  also  make  sure  current  proj¬ 
ects  are  being  executed  as  planned.  Balagna  can  also  call  emer¬ 
gency  meetings  if  necessary.  Balagna  says  that  plans  can’t  be 
changed  instantaneously,  “but  we  can  reprioritize  very  quickly 
with  this  model,”  he  says.  The  global  makeup  of  the  group  also 
helps  keep  changes  in  the  right  perspective. 

It’s  hard  to  foresee  every  contingency  in  an  unstable  world. 
But  by  avoiding  these  common  mistakes,  building  a  well- 
balanced  plan  and  using  it  to  guide  the  IT  group’s  execution, 
CIOs  will  be  ready  to  take  on  whatever  disruptions  the  future 
brings.  BE] 


Derek  Slater  wants  to  hear  about  your  strategic  planning  challenges  at 
dslater@cio.com. 


cio.com _ 

What  are  your  strategic  planning 
secrets?  Go  online  and  share  what 
you  know  in  TALK  BACK.  Find  the 
link  at  www.cio.com/printlinks. 


An  Unorthodox  Guide  to 
Doing  the  Right  Thing 


CommunicatioiBjvolJr 
Is  Changing  Managemeril 


FRANCES  CAIRNCROSS 
OF  THE  ECONOMIST 


THE 

COMPANY 

OF 

THE 


TURE 


FEED  YOUR  MIND.  IGNITE  YOUR  BUSINESS. 


"A  MILESTONE." 
-Peter  Senge 


AN  INCISIVE  VIEW 


JOSEPH  L.  BADARACCO,  JR. 


HARVARD  BUSINESS  SCHOOL  PRESS 


A  NEW  MODEL 


ETIENNE  WENGER 

richard  mcdermott 

WILLIAM  M.  SNYDER 


At  bookstores  or  call  1-888-500-1016  •  1-617-783-7440  E“]  HARVARD  BUSINESS  SCHOOL  PRESS  www.hbsp.harvard.edu 


Case  Files: 

CUSTOMER  FOCUS 
KNOWLEDGE  MANAGEMENT 
PROJECT  MANAGEMENT 

►  VALUE  PROPOSITION 


COMPANY  INFO 

HEADQUARTERS 

Wichita,  Kan. 

OVERSEAS  OPERATIONS 

Operates  in  20  countries 

INDUSTRY  RANGE 

Operates  in  12  industries 

YEAR  FOUNDED 

1940 

EMPLOYEES 

12,000 

URL 

www.kochind.com 


VALUE  METHODOLOGY 

To  evaluate  new  technologies, 

Koch  Industries  relies  on  a  process 
that  incorporates  research-based 
cost  estimates  and  combines  them 
with  risk  ratios  based  on  experi¬ 
ence.  Every  cost  associated  with  a 
new  technology  implementation  is 
calculated  including  hardware, 
software  and  consulting.  The  goal: 
Take  the  guesswork  out  of  select¬ 
ing  the  best  IT  option. 

THE  PLAYERS 

LLOYD  BOYD 

Director  of  information  technology, 
Koch  Chemical  Technology  Group 

DAN  MURPHY 

Project  manager,  Koch-Glitsch 


THE  EXPERT 

DOUGLAS  HUBBARD 

President,  Hubbard  Decision 
Research  in  Glen  Ellyn,  III. 


Koch  Industries  Inc. 


Hard  Numbers 
for  Hard  Choices 

When  it  comes  to  choosing  a  new  IT  system,  Koch  Industries 
leaves  nothing  to  guesswork  by  matt  villano 


ACQUISITIONS  ARE  nothing  new  to  the  IT  folks 
at  Koch  Industries.  The  Wichita,  Kan. -based 
Koch — pronounced  the  same  as  coke — has  been 
through  the  process  of  merging  systems  again 
and  again,  and  today  it  runs  dozens  of  sub¬ 
sidiaries  worldwide. 

On  the  subsidiary  level,  however,  not  all  Koch 
executives  are  well  versed  in  the  rigors  of  acqui¬ 
sitions.  In  1998,  Koch  Membrane  Systems  based 
in  Wilmington,  Mass.,  bought  out  Fluid  Systems 
in  San  Diego.  “With  the  acquisition,  the  busi¬ 
ness  vision  was  to  integrate  the  two  organiza¬ 
tions,  standardizing  on  processes  and  systems,” 
says  Lloyd  Boyd,  director  of  information  tech¬ 
nology  at  Koch  Chemical  Technology  Group. 

Executives  at  Koch  Membrane  called  on 
Boyd  and  other  IT  leaders  in  their  immediate 
business  unit — Koch  Chemical  Technology 
Group — to  handle  the  integration.  Boyd  and 
other  executives  at  the  business  unit  had  suc¬ 
cessfully  measured  the  value  of  integrations 
before,  touting  a  proprietary,  economics-based 
philosophy  known  as  market-based  manage¬ 
ment  that  combines  more  than  50  economic 
models  and  drives  a  two-pronged  cost-benefit 
analysis  process.  Boyd  applied  that  cost-benefit 


analysis  to  Koch  Membrane,  resulting  in  a  new 
ERP  system  from  Wilmington,  Mass. -based 
vendor  Visibility,  increased  efficiency  and  a  net 
cost  savings  of  approximately  $430,000. 

Before  Koch  Membrane  got  a  new  ERP  sys¬ 
tem,  Boyd  and  Project  Manager  Dan  Murphy 
had  to  estimate  alternatives  and  prove  that  opt¬ 
ing  for  an  ERP  system  was  better  than  signing 
on  with  an  ASP  or  selecting  comparable 
client/server  technology.  They  did  that  with 
methodology  that  incorporates  research-based 
estimates  and  the  assignment  of  risk. 

The  Cost 

The  first  cost  Boyd  tackled  was  for  software, 
which  he  estimated  on  a  per-user-per-year  basis. 
Koch  Membrane  had  roughly  240  IT  users,  but 
factoring  in  staff  scheduling,  Boyd  figured  he 
wouldn’t  need  to  account  for  more  than  80 
users  at  a  time.  With  all  options,  Boyd  knew 
Koch  would  need  a  database  upgrade,  at  a  cost 
of  $300  per  user  per  year,  or  $24,000  annually. 

In  researching  software  cost  for  the  ASP 
option,  Boyd  consulted  colleagues  and  websites 
to  determine  a  rate  of  $300  per  user  per  month, 
or  $3,600  per  year.  For  80  users,  an  ASP  would 


94  CIO  JUNE  1,  2002  •  www.clo.com 


THIS  IS  PULLING  5  G'S  JUST  BY  TURNING  ON  YOUR  COMPUTER 


This  is  Qwest  Dedicated  Internet  Access.  People  obsessed  with  moving  data 


and  video  faster  and  more  securely.  This  is  completing  one  of  the  first  coast- 


to-coast  OC-192  networks.  This  is  not  being  satisfied  until  we  bring  you  the 


first  OC-768  network,  and  then  still  not  being  satisfied  until  we  bring  you 


help  you  work  better.  This  is  realizing  fast  isn't  fast  enough  anymore.  This  is 


one  reason  more  than  half  of  the  Fortune  500®  ride  the  light. 


1-800-RIDE-QWEST 


Source:  Qwest*  and  WorldCom*  SLA  terms  and  conditions  published  on  www.qwest.com  and  www.worldcom.com  as  of  3/2002. 


Voice  Solutions  Data  Solutions  Internet  Solutions  Managed  Solutions 

Dedicated  Internet  Access 


Qwest  DIA  is  available  throughout  the  United  States.  Qwest  DIA  service  also  provides  high-speed  Internet  access  to  more  than  240  major  cities  in  1 9  European  countries.  However,  customers  in  the  states  of  A Z.  CO,  ID,  IA,  MN,  MT,  ND,  NE,  NM.  OR,  SD,  UT,  WA 
and  WY  will  have  their  Qwest  Internet  services  provided  in  conjunction  with  a  separate  Global  Service  Provider  (GSP).  This  provider  will  supply  customers  with  connectivity  to  the  global  Internet  in  those  states.  ©2002  Qwest  Communications  International  Inc 


r  Performance  Guarantee  Comparison  Chart 

Qwest 

UUNET 

Superior  Performance 

Off-Net  SLA 

YES 

NONE 

Qwest 

North  American  Latency 

50ms 

65ms 

Qwest 

Trans  Atlantic  Latency 

65ms 

120ms 

Qwest 

Trans  Pacific  Latency 

125ms 

NONE 

Qwest 

Intra  Europe  Latency 

35ms 

65ms 

Qwest 

Intra  Asia  Latency 

100ms 

NONE 

Qwest 

^  Packet  Delivery 

99.50% 

99.00% 

Qwest  j 

Case  Files 


Value  Proposition 


cost  $288,000;  he  multiplied  the  figure  by  a 
risk  factor  of  1.5  because  the  ASP  market 
was  volatile.  The  final  price  tag:  $456,000 
including  a  database. 

Boyd  relied  on  the  same  research  for  the 
client/server  option.  Licensing  fees  would 
cost  $2,500  to  $3,500  per  user  per  year.  For 
80  users,  that  would  be  $200,000  to 
$280,000.  He  then  multiplied  those  figures 
by  a  risk  factor  of  1.15  to  account  for  his 
own  inexperience  with  client/server  technol¬ 
ogy,  for  a  range  of  $230,000  to  $322,000. 
Boyd  accounted  for  annual  maintenance 
costs,  adding  a  standard  10  percent  fee  to 
the  lower  figure  ($20,000)  and  an  18  percent 
fee  to  the  higher  one  ($50,400).  The  final 
calculation:  $274,000  to  $396,000  per  year 
including  a  database. 

Experience  helped  Boyd  estimate  the  soft¬ 
ware  cost  associated  with  Visibility’s  ERP; 
he  knew  he  could  get  a  licensing  price  of 
$1,500  to  $1,800  per  user  per  year  because 
he’d  overseen  six  similar  implementations  of 


the  Visibility  system  at  Koch  subsidiaries. 
With  80  users,  those  fees  would  cost  about 
$120,000  to  $144,000.  Boyd  then  factored 
in  maintenance,  adding  10  percent  to  the 
lower  figure  ($12,000)  and  15  percent  to  the 
higher  one  ($21,600),  for  a  range  of 
$132,000  to  $165,600.  He  multiplied  those 
numbers  by  a  risk  factor  of  1.05  to  account 
for  changes  in  the  economy.  The  tally: 
$163,000  to  $198,000  including  a  database. 

For  hardware  costs,  Boyd  figured  he’d 
have  to  upgrade  technology  for  all  240 
users.  He  broke  down  that  cost  into  server, 
PC  upgrades  and  network,  and  then  esti¬ 
mated  all  of  those  areas  for  each  option. 

For  the  ASP  option,  costs  for  the  server 
and  network  were  nonexistent.  Boyd  asked 
his  systems  managers  to  estimate  cost  for 
PC  upgrades;  improvements  could  cost  any¬ 
where  from  $50  to  $200  a  machine.  For  240 
machines,  that  was  $12,000  to  $48,000. 

Boyd  hit  the  Web  to  research  client/server 
hardware  cost.  He  came  up  with  a  one-time 


Koch  Chemical  Technology  Group  Director  of  IT  Lloyd  Boyd  and  Project  Manager  Dan 
Murphy  crunched  a  lot  of  numbers  before  deciding  that  an  ERP  system  was  the  best  choice. 


annual  cost  of  $8,000  to  $30,000.  He  mul¬ 
tiplied  those  figures  by  1 .25  to  account  for 
price  fluctuations.  The  result:  $10,000  to 
$37,500  per  year.  Since  Koch  had  sufficient 
communications  lines,  network  cost  was  not 
an  issue,  so  Boyd  factored  in  the  same  cost 
predictions  from  his  systems  people  for  PC 
upgrades:  $12,000  to  $48,000.  The  final 
estimate  for  client/server  hardware  was 
between  $22,000  and  $85,500. 

With  the  Visibility  ERP,  additional  mem¬ 
ory  was  needed.  Boyd  estimated  that  cost 
between  $1,500  and  $15,000  depending  on 
how  much  memory  he’d  need.  He  multiplied 
those  figures  by  a  risk  factor  of  1.05  to 
account  for  price  fluctuations,  for  a  cost 
between  $1,575  and  $15,750.  Next,  Boyd 
figured  he’d  need  to  install  a  VPN  line  to  San 
Diego,  and  he  estimated  it  at  a  one-time  cost 
of  $12,000.  He  multiplied  that  by  1.05,  again 
to  account  for  changes  in  the  economy,  for  a 
total  network  estimate  of  $12,600.  Finally, 
he  factored  in  $50  for  what  his  systems  peo¬ 
ple  deemed  “minor”  upgrades  for  every  PC, 
for  a  total  of  $12,000.  The  final  price  tag  was 
$14,175  to  $40,350  per  year. 

No  matter  which  option  Boyd  chose,  he’d 
need  to  hire  consultants.  He  researched  ASP 
consulting  projects  online  and  determined 
that  the  project  would  likely  take  between 
1,200  and  1,800  hours.  He  then  averaged 
quotes  for  senior  and  junior  consultants  and 
arrived  at  a  figure  of  $125  per  hour.  Boyd 
then  calculated  a  range  of  $150,000  to 
$225,000  and  multiplied  those  figures  by 
1.25  to  account  for  his  lack  of  experience 
with  ASP  consultants.  The  final  range: 
$187,500  to  $281,250. 

After  contacting  practitioners,  Boyd  deter¬ 
mined  that  client/server  technology  would 
require  1,600  to  2,400  hours  of  consultant 
work.  He  multiplied  those  figures  by  $125  for 
a  range  of  $200,000  to  $300,000.  Boyd  mul¬ 
tiplied  that  spread  by  1.25,  again  to  account 
for  his  lack  of  experience  with  client/server 
technology.  The  end  result:  an  estimate 
between  $250,000  and  $375,000. 

Boyd  could  use  the  same  Visibility  con¬ 
sultants  Koch  had  used  in  the  past  and  could 
leverage  five  internal  subject-matter  experts. 


PHOTO  BY  KOCH  CREATIVE 


Jt  perspective  At  Lockheed  Martin,  we  understand 
ex  interconnectivities  and  the  fragile  balance  between 
individuals  and  across  systems.  And  we’re  bringing  that  hard-earned 
knowledge  to  IT  outsourcing. 


com] 


Case  in  point  :  The  U.S.  Chamber  of  Commerce,  the  world’s 
largest  non-profit  business  federation,  engaged  Lockheed  Martin 
to  upgrade  their  infrastructure  and  accelerate  system  implementation. 
The  resulting  collaboration  enabled  the  U.S.  Chamber  to,  not  only 
meet  their  financial  goals,  but  also  to  educate  their  staff  on  the  benefits 
of  using  IT  to  solve  business  problems. 

We  know  how  it  can  work.  Better,  faster,  stronger. 

Lockheed  Martin.  Continuing  to  bring  our  30-year  heritage  of  big 
picture  thinking  and  detailed  focus  to  IT. 


LOCKHEED  MARTIN 

INFORMATION  TECHNOLOGY 


www.it.lockheedmartin.com 


BN 

* 

}  S 

P? 

L 

Case  Files  |  Value  Proposition 

Therefore,  he  estimated  the  job  taking 
between  800  and  1,200  hours,  and  figured 
it  would  cost  him  $100  per  hour.  He  multi¬ 
plied  the  resulting  $80,000  to  $120,000 
range  by  1.1  to  account  for  project  delays 
for  a  cost  of  $88,000  to  $132,000. 

Boyd  knew  that  all  options  would  put  a 
financial  strain  on  the  organization  inter¬ 
nally,  particularly  in  the  areas  of  training  and 
documentation.  Basing  estimates  on  previ¬ 
ous  experiences  with  similar  projects,  he  fig¬ 
ured  internal  cost  would  be  $50  per  hour. 

A  cursory  look  at  industry  reports  led 
Boyd  to  believe  that  an  ASP  implementation 
would  require  between  6,000  and  7,825 
hours  of  internal  time  for  all  240  Koch 
Membrane  employees.  At  $50  an  hour,  he 
estimated  that  cost  between  $300,000  to 
$391,250.  He  multiplied  those  figures  by  a 
risk  factor  of  1.25  to  account  for  a  general 
unfamiliarity  with  projects  of  this  nature  and 
arrived  at  a  final  estimate  of  $375,000  to 
$489,000.  The  ASP  option  had  relatively  the 
same  time  and  price  estimates  for  training 
and  documentation  as  the  client/server 
option.  Boyd  read  reports  that  documented 
how  the  client/server  option  was  slightly 
more  complicated  than  the  ASP  model,  so 
he  set  the  low-end  of  the  time  range  a  bit 
higher  at  6,500  hours  instead  of  6,000.  With 
the  same  estimated  hourly  rate  and  the  same 
risk  factor  of  1.25,  that  brought  the  overall 
estimate  for  internal  cost  on  the  client/server 
option  to  between  $406,250  and  $489,000. 

For  the  Visibility  system,  Boyd  factored 
in  the  same  amount  of  time  for  training  and 
documentation  but  added  extra  time  to 
account  for  training  the  five  internal  subject- 
matter  experts  to  oversee  the  project  after 
implementation.  As  a  result,  his  estimate 
ranged  from  7,000  to  8,325  hours,  for  a  cost 
of  between  $350,000  and  $416,250.  Because 
of  Koch’s  familiarity  with  Visibility,  he 
applied  a  risk  factor  of  1.1,  for  an  estimate 
between  $385,000  and  $458,000. 

Koch  Membrane  was  spread  between 
Boston,  San  Diego  and  Europe,  so  Boyd  had 
to  account  for  travel  expenses.  He  figured 
each  trip  would  cost  from  $1,000  to  $1,200. 

To  implement  an  ASP,  Boyd  figured  on 


EXPERT  ANALYSIS 


KOCH  RISK  RANGE 

BY  DOUGLAS  HUBBARD 

KOCH  INDUSTRIES  gets  an  enthusiastic  thumbs-up  on  two 
issues.  First,  Lloyd  Boyd  actually  makes  a  habit  of  doing 
research  before  making  a  business  case.  As  basic  as  that 
sounds,  it  is  remarkably  rare.  Most  business  cases  are  cre¬ 
ated  from  thin  air  where  the  numbers  are  chosen  not  for 
their  realism,  but  as  a  delicate  balancing  act  between  cred¬ 
ibility  and  getting  funding  for  something  someone  has 
already  decided  they  want.  Second,  Koch  at  least  attempts 
to  account  for  uncertainty— a  major  component  of  any  IT 
investment— by  applying  what  Boyd  calls  “risk  factors." 

I  suggest  that  Boyd  use  his  research  skills  to  determine 
how  most  actuaries  and  statisticians  have  been  modeling 
risk  for  many  decades.  He  would  discover  that  in  the  fields 
of  decision  theory  and  quantitative  analysis,  they  don’t 
apply  a  subjective  series  of  risk  factors  to  each  number. 

Unless  we  can  answer  a  question  like,  What  is  the  probability  of  a  negative  ROI? 
we  are  not  actually  doing  risk  assessment.  For  decades,  statisticians,  economists 
and  others  have  been  modeling  risk  with  the  Monte  Carlo  method.  The  models  are 
based  on  ranges  or  “probability  distributions,"  which  are  then  used  to  generate 
thousands  of  scenarios  so  that  we  can  determine,  for  example,  the  probability  of  a 
negative  ROI.  Those  ranges  are  still  initially  subjective  but  the  approach  has  advan¬ 
tages  over  Boyd's  approach.  It  turns  out  that  people  are  pretty  lousy  at  intuitively 
assessing  risk— they  are  typically  overconfident  about  the  risks  they  take.  However, 
there  is  a  lot  of  data  about  how  to  modify  these  ranges  accordingly.  What  strikes 
me  about  Boyd’s  factors  is  that  they  are  relatively  small  compared  with  the  adjust¬ 
ments  typically  necessary  for  IT  estimates.  When  I  ask  IT  execs  for  ranges  and  to 
track  the  outcomes,  their  ranges  should  be  three  times  wider. 

Finally,  how  uncertainties  add  up  is  not  intuitive.  This  particular  investment 
seems  like  a  small  one  for  Koch.  The  relative  risk  of  small  or  large  investments  is 
computed  with  an  equation  often  used  by  financial  institutions.  Koch  may  find  with 
this  equation  that  the  risk  is  negligible  because  the  investment  is  such  a  small 
share  of  the  portfolio.  Only  the  math  will  tell. 


Douglas  Hubbard  is 
president  of  Hubbard 
Decision  Research  in 
Glen  Ellyn,  III.,  and 
inventor  of  the  applied 
information  economics 
method  for  valuing  IT 
projects.  He  can  be 
reached  at  dwhubbard 
@hubbardresearch.com. 


between  50  and  80  trips  to  and  from 
Wichita,  for  a  cost  of  $50,000  to  $96,000. 
Boyd  then  multiplied  that  range  by  1.15,  to 
account  for  changes  in  price  as  well  as  a 
number  of  emergency  and  unscheduled 
trips.  The  end  result:  a  range  of  $57,500  to 
$110,400.  Boyd  used  the  same  data  to  esti¬ 
mate  travel  cost  for  the  client/server  option. 

For  the  Visibility  option,  Boyd  figured  that 
the  local  subject-matter  experts  would  reduce 


the  number  of  trips  from  80  to  70,  for  a  cost 
between  $50,000  and  $84,000.  Since  his  staff 
is  familiar  with  Visibility,  Boyd  assumed  there 
would  be  fewer  emergency  trips.  He  multi¬ 
plied  those  figures  by  1.1  to  come  up  with  a 
range  of  $55,000  to  $92,400. 

The  Benefit 

To  calculate  the  cost  benefit  of  improving 
processes,  Boyd  met  with  representatives 


98  CIO  JUNE  1,  2002  •  www.cio.com 


Wmw 


Are  you  getting  the  most  from 

your  existing  resources? 


l  Mi  i  n 


DataCore 

V  SOFTWARE 


Case  Files 


Value  Proposition 


from  Koch  Membrane’s  four  major  depart¬ 
ments — accounting,  engineering,  manufac¬ 
turing  and  sales.  He  asked  them  what 
improvements  they  expect  of  a  new  system, 
how  they  use  the  current  systems  and  how 
they  expect  to  use  a  new  system  differently 
to  improve  efficiency.  Finally,  the  team,  work¬ 
ing  with  the  department  reps,  established  an 


average  hourly  rate  to  help  quantify  an  esti¬ 
mate.  For  accounting  and  sales,  the  rate  was 
set  at  $50  per  hour.  Because  most  of  the  effi¬ 
ciencies  would  be  saved  on  shop  floors,  the 
manufacturing  rate  was  set  at  $30  an  hour. 

Next,  Boyd  worked  with  team  leaders  in 
the  departments  to  come  up  with  time  range 


estimates.  In  accounting,  a  new  system 
would  save  between  5,000  and  8,000  hours 
of  work,  or  $250,000  to  $400,000.  In  sales, 
between  1,000  and  3,000  hours  would  be 
saved,  or  $50,000  to  $150,000.  In  manu¬ 
facturing,  he  set  the  range  from  1,650  to 
2,500  hours,  or  $49,500  to  $75,000.  The 
figures  did  not  differ  across  options  because 


department  representatives  didn’t  care 
which  option  helped  them  achieve  efficien¬ 
cies.  To  address  differences  among  options 
and  tie  savings  more  closely  to  the  realities  of 
each  option,  Boyd  used  different  risk  factors. 

With  an  ASP,  he  multiplied  the  ranges  by 
a  risk  factor  of  0.75  to  account  for  Koch’s 


inexperience  with  Web-based  systems. 
Estimates  for  accounting  savings  dipped  to 
a  range  of  $187,500  to  $300,000,  sales  esti¬ 
mates  dropped  to  $37,500  to  $112,500,  and 
those  for  manufacturing  fell  between 
$37,125  and  $56,250. 

For  the  client/server  option,  Boyd  multi¬ 
plied  the  ranges  by  0.8  to  account  for  Koch’s 
lack  of  experience  with  the  software.  The 
estimates  for  accounting  savings  dipped  to 
a  range  of  $200,000  to  $320,000,  the  sales 
savings  dropped  to  between  $40,000  and 
$120,000,  and  manufacturing  savings 
slipped  between  $39,600  and  $60,000. 

To  readjust  estimates  for  the  Visibility 
option,  Boyd  multiplied  the  ranges  by  0.9 
because  he  didn’t  think  training  would  go 
as  smoothly  as  expected.  The  estimates  for 
savings  in  accounting  dipped  to  a  range  of 
$225,000  to  $360,000,  the  sales  estimates 
dropped  to  $45,000  to  $135,000,  and  those 
estimates  for  manufacturing  slipped  down 


With  any  new  system,  Koch  Membrane  would  save 
$585,000  in  mainframe  and  consulting  costs. 


It's  true!  The  numbers  are  in  and  it  all  adds  up.  Unicenter,  the 
global  leader  in  infrastructure  management  solutions,  can  deliver 
a  whopping  663%  ROI.  Just  ask  IDC.  It's  right  there  in  their 
recent  white  paper.  And,  because  Unicenter  is  now  modular,  you 
can  buy  just  the  pieces  you  need,  just  when  you  need  them. 


Unicenter 

Infrastructure  Management 

663%  Return  on  Investment 


100  CIO  JUNE  1,  2002  •  www.cio.com 


to  a  range  of  $44,550  to  $67,500. 

With  any  new  system,  Koch  Membrane 
would  save  the  cost  of  the  old  system  being 
replaced.  Boyd  calculated  that  Koch 
Membrane  would  save  $375,000  annually 
for  replacing  its  preexistent  mainframe  com¬ 
puter,  and  $210,000  annually  for  ending  its 
preexistent  consulting  contracts,  adding  up 
to  a  $585,000  benefit. 

To  calculate  savings  in  inventory  manage¬ 
ment,  Boyd  asked  manufacturing  represen¬ 
tatives  how  they  expected  the  new  system 
to  help  them  manage  inventories.  With  bet¬ 
ter  planning,  the  representatives  figured  they 
would  save  at  least  $625,000  in  Boston  and 
$25,000  in  San  Diego. 

To  readjust  inventory  management  sav¬ 
ings  associated  with  an  ASP,  Boyd  multiplied 
manufacturing  estimates  by  0.5,  to  account 
for  a  complete  lack  of  experience  with  the 
technology.  The  end  result  was  a  $312,000 
savings  estimate  for  Boston  and  $12,500 


cio.com _ 

Check  out  the  I.T.  VALUE  Research 
Center.  Go  to  www.cio.com/value. 


estimate  for  San  Diego.  To  recalculate  inven¬ 
tory  management  savings  brought  about  by 
the  client/server  option,  Boyd  multiplied 
manufacturing  estimates  by  a  risk  factor  of 
0.75,  to  account  for  a  lack  of  experience 
with  new  products  in  the  niche.  That  re¬ 
adjustment  resulted  in  a  $468,750  estimate 
for  Boston  and  an  $18,750  estimate  for  San 
Diego.  To  get  a  more  realistic  view  of  inven¬ 
tory  management  savings  brought  about  by 
improvements  with  the  Visibility  ERP  sys¬ 
tem,  Boyd  multiplied  the  figures  by  0.8  to 
account  for  concern  about  overestimating 
the  impact  of  training  on  the  new  system. 
Boyd’s  savings  estimates  were  lower  than 
those  of  the  representatives — $500,000  for 
Boston  and  $20,000  for  San  Diego. 


The  Choice 

Just  about  across  the  board,  implementing 
the  Visibility  ERP  system  cost  the  least  and 
saved  the  most.  According  to  the  initial  esti¬ 
mates,  the  Visibility  option  would  cost 
between  $704,775  and  $920,505  and  save 
$1.4  million  to  $1.7  million;  the  ASP  option 
would  cost  about  $1  million  to  $1.4  million 
and  save  between  $1.2  and  $1.4  million; 
and  the  client/server  option  would  cost 
about  $1  million  to  $1.5  million  and  save 
$1.4  million  to  $1.6  million. 

After  its  origination  process,  the  choice 
was  clear:  Koch  would  replace  the  main¬ 
frame  system  with  the  Visibility  ERP  sys¬ 
tem.  That  decision  was  the  first  step  on  a  rig¬ 
orous  value  measurement  time  line,  but  it 
was  a  critical  one.  BE] 


E-mail  your  value  methodology  to  us  at  case 
files@cio.com.  Seattle-based  freelance  writer  Matt 
Villano  can  be  reached  at  mjv@whalehead.com. 


All  while  still  enjoying  the  benefits  of  pay-as-you-go  licensing.  So  there's 
no  better  way  for  your  company  to  realize  its  true  potential.  And,  if  you're 
the  CIO,  there's  no  better  way  for  you  to  realize  yours. 

To  read  the  white  paper,  just  go  to  ca.com/unicenter/roi. 


Computer  Associates™ 


HELLO  TOMORROW 


M  WE  ARE  COMPUTER  ASSOCIATES 


THE  SOFTWARE  THAT  MANAGES  eBUSINESS 


TM 


©2002  Computer  Associates  International,  Inc.  (CA).  All  trademarks,  trade  names,  service  marks,  and  logos  referenced  herein  belong  to  their  respective  companies. 
Source:  "Quantifying  The  Business  Value  Of  Infrastructure  Management:  An  Empirical  ROI  Study!'  IOC,  2001. 


www.cio.com  •  JUNE  1,  2002  CIO 


1  0  1 


I 


I 

i 

1 

1  l 

1  1 

1 

| 

r 

CRM 


UNION  NATIONAL  COMMUNITY  BANK  (UNCB)  HAS  HISTORY 

on  its  side.  With  well-established  roots  in  Lancaster  County,  the 
149-year-old  community  bank  in  Mount  Joy,  Pa.,  has  a  reputation 
for  old-fashioned  customer  service.  The  address  of  its  headquar¬ 
ters— 101  East  Main  St.— says  it  all.  But  a  few  years  back,  it  sud¬ 
denly  found  itself  competing  not  only  with  other  well-established  local  and  regional 
banks  but  also  with  giant  conglomerates  like  First  Union-Wachovia  and  Fleet  Bank. 
All  were  eager  to  grab  a  piece  of  the  wallet  in  the  affluent  Lancaster  area. 

UNCB  attempted  to  compete  on  price— lowering  fees,  discounting  loan  rates 
and  inflating  deposit  rates— while  still  offering  its  hands-on  customer  service.  But  it 
was  a  money-losing  move.  UNCB  was  fast  becoming  the  Conestoga  wagon  of  local 
banks,  and  Lancaster  County  locals  were  eyeing  the  more  plentiful  offerings  of  the 
larger  banks,  the  Jeep  Grand  Cherokees  of  finance. 

So  in  2000,  UNCB  did  the  only  thing  it  could  do  to  retain  its  customer  base.  It 
turned  to  technology  and  a  customer  relationship  management  solution.  The 
seven-branch  bank  spent  about  $250,000  on  a  CRM  package  that  allowed  it  to 
segment  its  37,000  accounts  by  profitability,  drill  down  into  individual  household 


Faced  with  growing  competition  from  the  big  guys, 
small  and  midsize  banks  are  using  CRM  to  try  to  make 
it  over  the  competitive  mountain 


Reader  ROI 

►  Learn  how  CRM  is  helping 
smaller  banks  play  catch-up 

►  Read  about  the  ROI  of 
segmenting  your  customers 

►  Discover  some  best  cus¬ 
tomer-service  practices  for 
your  own  midsize  business 


information  to  get  a  view  of  spending  and  account  activity,  and  feed  all  bank 
transactions  into  a  single  data  warehouse  where  they  could  be  analyzed  later  to 
pinpoint  the  most  important  products  to  its  clients.  Since  then,  UNCB  officials 
say,  they  have  achieved  $1  million  in  efficiency  gains,  stemmed  customer  erosion 
and  seen  substantial  revenue  growth. 

Forced  to  compete  in  a  consolidating  industry  dominated  by  big  banks,  many 
community  and  regional  financial  institutions  are  turning  to  CRM  for  help. 
Although  these  smaller  institutions  may  be  physically  closer  to  their  customers, 
multinational  mega-banks  are  using  technology  to  simulate  the  proximity  that 
was  once  the  defining  advantage  of  the  small  guys.  Local  institutions  must  play  IT 
catch-up  to  survive. 

"There  is  a  certain  me-too-ism  about  CRM  technology,  with  the  smaller  institu¬ 
tions  saying,  ‘We  should  be  as  technologically  capable  as  the  largest  banks,”'  says 
Kathleen  Khirallah,  a  Los  Angeles-based  CRM  expert  at  the  TowerGroup,  a  finan¬ 
cial  services  IT  consultancy  based  in  Needham,  Mass.  “At  the  same  time,  con¬ 
sumers  are  used  to  getting  certain  levels  of  service,  whether  they’re  dealing  with 
Domino’s  Pizza  or  Amazon.com.  And  banks  of  all  sizes  have  to  meet  those  service 
levels,  in  terms  of  speed,  accuracy  and  understanding  the  customer  relationship.” 


www.cio.com  •  JUNE  1,  2002  CIO  103 


CRM 


il  IN  COMMUNITY  BANKING,  THE  THINKING  HAS 
BEEN  THAT  ALL  CUSTOMERS  ARE  CREATED  EQUAL,  AND 
THAT’S  ABSOLUTELY  NOT  TRUE,  f  f 

-MICHAEL  FREY,  COO  OF  UNION  NATIONAL  COMMUNITY  BANK 


Though  they  started  behind  the  eight  ball, 
local  banks  and  other  small  institutions  can 
use  CRM  to  better  do  what  they’re  uniquely 
qualified  for — catering,  communicating  and 
cross-selling  to  their  customers.  In  fact, 
smaller  players  in  many  industries — from 
retail  and  communications  to  health-care 
and  hospitality — can  use  CRM  tools  to  once 
again  capitalize  on  what  historically  has  dif¬ 
ferentiated  them  from  the  big  conglomerates 
in  their  markets. 

KNOW  THY  CUSTOMERS 

Like  many  small  to  midsize  enterprises,  most 
community  banks  and  credit  unions  were  run 
for  years  on  little  more  than  informed  guess¬ 
work.  The  assumption  that  the  little  bank  on 
the  corner  knows  its  customers  any  better 
than  the  bigger  players  is  often  incorrect. 
“While  these  smaller  institutions  are  [closer 
to  their  customers]  and  have  more  of  an  incli¬ 
nation  toward  that  kind  of  service,  they  really 
don’t  know  their  customers  as  well  as  you 
might  think,”  Khirallah  explains.  Hard  num¬ 
bers  on  account  balances  were  available  from 
their  core  processing  systems  but  little  more. 
With  a  limited  amount  of  money-making 
business  to  go  after  and  increasingly  larger 

V 

and  more  well-funded  competition,  these 
smaller  players  have  had  to  start  thinking 
more  seriously  about  where  their  revenue 
really  comes  from  and  who  their  customers 
are  in  terms  of  dollars  and  sense.  With  ana¬ 
lytical  CRM  tools,  many  are  able  to  see  for  the 
first  time  which  customers  they  are  making 
money  from  and  which  customers  are  cost¬ 
ing  them  money.  They  can  then  segment  those 
customers  and  determine  which  products  and 
fees  to  offer  them. 

While  UNCB  had  always  prided  itself  on 
its  customer  focus,  the  way  it  did  business 
didn’t  reflect  that.  “A  lot  of  our  procedures, 
such  as  performance  measures,  training  and 
compensation  structures,  were  not  aligned 
around  the  customer.  And  our  products  and 
pricing  were  in  desperate  need  of  review.  But 
we  were  lacking  the  technology  to  do  any¬ 
thing  about  it,”  says  Michael  Frey,  a  native 
of  Mount  Joy  who  joined  UNCB  in  1998 
to  oversee  strategic  technology  initiatives 


and  lead  cultural  change  as  executive  vice 
president  and  COO.  As  a  result  of  its  anti¬ 
quated  approach  to  customer  relations,  the 
bank  made  a  lot  of  decisions  based  on 
instinct,  not  data.  For  example,  UNCB 
would  discount  loan  rates  in  reaction  to  a 
similar  move  at  the  Bank  of  Lancaster 
County.  Or  waive  a  fee  in  response  to  a 
seemingly  loyal  but  complaining  customer, 
without  any  knowledge  of  whether  his  rela¬ 
tionship  with  the  institution  was  financially 
strong  enough  to  merit  special  treatment. 

Because  of  this  nonstrategic  approach, 
UNCB  found  itself  to  be  one  of  the  cheap¬ 
est  games  in  town,  in  terms  of  fees  and  rates, 
while  at  the  same  time  it  offered  some  of  the 
highest  levels  of  service.  “It  was  inconsis¬ 
tent,”  Frey  says. 

Two  years  ago,  the  bank,  which  has 


$307  million  in  assets,  embarked  on  a  colos¬ 
sal  change  in  its  processes,  products  and 
pricing  in  order  to  stay  profitable  and  still 
retain  its  customer-centric  reputation.  At  the 
cornerstone  of  the  new  strategy  was  the 
CRM  suite  from  Metavante.  The  system 
allows  the  bank  to  look  more  closely  not 
only  at  its  big  picture  financials  but  also  at 
profitability  by  customer.  UNCB  immedi¬ 
ately  realized  that  it  was  actually  losing  or 
barely  making  money  on  some  customers 
while  virtually  ignoring  others  who  were 
actually  more  valuable.  “In  community 
banking,  the  thinking  has  always  been  that 
all  customers  are  created  equal,  and  that’s 
absolutely  not  true,”  Frey  says. 

UNCB  is  using  Metavante’s  relationship 
profitability  tool  to  calculate  the  net  profit  of 
all  its  bank  customers  by  analyzing  all  asso- 


104  CIO  JUNE  1,  2002  •  www.cio.com 


ammmmm 


Are  your 

customer  care  capabilities  as 
integrated  as  they  could  be? 


Today,  providing  consistent  customer  care  requires  linking  all  of  your  resources. 

From  the  front  office  to  the  back  office  and  even  out  into  the  field.  Genesys  can  help. 
Join  us  for  a  free  Webinar  on  Customer  Care  Integration  and  learn  how  to 
provide  superior  customer  service  across  your  entire  enterprise.  For  more  information 
and  to  register  for  the  free  Webinar,  visit  www.genesyslabs.com/integration. 


CRM 


ciated  costs  and  revenue  associated  with 
each  customer’s  behavior.  Did  the  customer 
visit  tellers  often  or  opt  for  less  expensive 
ATM  and  Internet  transactions?  How  many 
checks  was  she  writing  a  month?  Was  there 
other  revenue  associated  with  her  accounts 
from  optional  services  or  extra  fees?  By 
using  this  tool,  the  bank  was  able  to  segment 
its  customer  base  into  high-value  and  low- 
value  buckets.  So  when  it  began  to  raise 
some  of  its  rates  and  fees  to  pay  for  its  con¬ 
sistently  high-touch  service,  the  bank  was 
able  to  protect  its  most  profitable  customers 
from  the  increases.  Bank  officials  also  began 
to  create  incentives  to  make  the  less  valu¬ 
able  customer  segments  more  profitable  to 
the  bank — either  by  encouraging  electronic 
banking  or  signing  customers  up  for  prod¬ 
ucts  that  generated  more  revenue. 

“  [By  using  CRM,]  smaller  banks  can  start 
to  ask  questions  like,  Who’s  asking  for  this 
product  or  price,  and  Does  it  make  sense  for 
the  future?”  explains  Tom  Richards,  CRM 
research  director  for  Meridien  Research  in 
Newton,  Mass.  “Signing  up  a  customer  for 
five  new  products  just  to  make  them  more 
loyal  doesn’t  necessarily  get  the  job  done  if 
-they’re  the  wrong  five  products  and  don’t 
make  money  for  the  bank.” 

The  CRM  system,  together  with  digitiza¬ 
tion  of  record  keeping,  has  saved  the  bank 
$1  million  since  early  2001.  More  important, 
the  bank  says,  assets  grew  9  percent;  revenue 
rose  11  percent  to  $13.3  million;  yearly  non¬ 
interest  income  increased  by  50  percent;  and 
earnings  jumped  35  percent,  or  $500,000, 
to  $2.2  million  in  the  year  following  the 
implementation.  And  Frey  claims  the  return 
on  its  CRM  investment  has  only  just  begun. 

THE  RIGHT  CROSS 

Community  banks  and  credit  unions  are 
uniquely  equipped  to  cross-sell  to  existing 
customers,  primarily  because  customers  like 
to  do  business  with  people  they  know, 
according  to  John  Varricchio,  a  partner  at 
Deloitte  &  Touche  in  New  York  City.  “Our 
experience  is  that  over  90  percent  of  people 
go  to  their  primary  financial  institution 
when  they  need  a  new  product,”  he  says. 


CRM  Tips  for 
the  Little  Guys 

r® 

H  BUY  USER-FRIENDLY  ~ 

Chances  are  you  won’t  have  an  IT  expert 
running  your  CRM  products  like  the  big 
guys.  So  buy  based  on  who  will  actually 
have  to  operate  the  software. 

r© 

— |  AVOID  STICKER  SHOCK 

Don’t  be  scared  off  by  reports  of  competi¬ 
tors  spending  millions  on  CRM.  Seek  out 
vendors  serving  the  small  to  midsize 
market  or  your  vertical  industry  for  a 
price  more  in  line  with  your  budget. 

r® 

— |  CREATE  POWER  USERS 

You  probably  won’t  have  many  full-time 
employees  whom  you  can  dedicate  to 
makingthe  most  of  your  CRM  tools. 
Supplement  them  with  those  on  staff 
interested  in  getting  their  hands  dirty 
exploring  the  software’s  full  potential  in 
order  to  make  the  most  of  the  investment. 

) 

ALIGN  YOUR  CRM  SOLUTIONS 
WITH  YOUR  OVERALL  STRATEGY 

“You  have  to  define  CRM  first  and  fore¬ 
most  as  a  business  strategy  and  organi¬ 
zational  philosophy  that  is  supported  by 
technology  so  you  create  a  culture  that 
understands  what  it’s  all  about,”  says 
Michael  Frey,  COO  of  Union  National 
Community  Bank  in  Mount  Joy,  Pa. 

r® 

[change  PROCESSES  THAT  DON’T 
^  WORK 

Building  CRM  systems  and  processes 
around  existing  inefficient  processes  is  a 
waste  of  time;  don’t  be  afraid  to  ditch 
them,  no  matter  how  long  you’ve  been 
doing  it  that  way.  -S.O. 


“These  smaller  institutions  already  have 
strong  customer  relationships,  and  the  abil¬ 
ity  to  cross-sell  represents  a  huge  opportu¬ 
nity  for  them.”  But  it  helps  if  they  have  tools 
to  segment  their  customer  base  and  figure 
out  what  to  sell  to  whom  and  how. 

Surrey  Metro  Savings,  a  50-year-old 
community  credit  union  serving  British 
Columbia’s  lower  mainland,  uses  the  data¬ 
base  and  analytical  tools  in  its  CRM  software 
from  NuEdge  Systems  to  discover  exactly 
what  other  financial  products  an  existing  cus¬ 
tomer  may  be  in  the  market  for.  Prior  to  its 
installation,  customers  complained  that  they 
were  approached  about  products  they 
weren’t  interested  in.  “Now,  when  they  do 
hear  from  us  with  an  attempt  to  sell  them 
something,  it’s  something  they  may  have  been 
considering  anyway,”  says  Jerome  Lengkeek, 
Surrey  Metro’s  assistant  manager  of  database 
marketing,  who  manages  the  CRM  system. 
“We  can  do  the  targeting  well  so  we  won’t 
be  calling  a  15-year-old  about  a  mortgage  or 
a  90-year-old  about  Internet  banking.” 

The  software  also  enables  Surrey  Metro  to 
figure  out  what  new  products  it  can  safely 
introduce  without  competing  with  its  exist¬ 
ing  offerings.  The  credit  union,  with  $1.6  bil¬ 
lion  in  assets,  recently  used  the  system  to  help 
roll  out  its  new  MetroMax  Savings  Account. 
It  hoped  the  year-end,  high-minimum,  short¬ 
term,  high-interest  offering  would  attract 
lucrative  new  customers  who  had  more  than 
$5,000  to  invest.  “But  our  biggest  concern 
was  that  we  would  lose  money  that  was  sit¬ 
ting  in  our  relatively  low-rate  savings  and 
checking  accounts  into  the  higher  rate 
MetroMax,”  Tengkeek  explains.  In  the  past, 
Surrey  Metro  would  have  run  a  mass¬ 
marketing  campaign  to  introduce  the  sav¬ 
ings  account,  cross  its  fingers  and  hope  it 
wouldn’t  cannibalize  its  own  assets.  This 
time,  the  credit  union  was  able  to  use  its 
CRM  system  to  figure  out  how  many  of  its 
accounts  contained  more  than  the  Metro¬ 
Max  minimum,  the  difference  in  rates  of  in¬ 
terest  and  the  potential  financial  loss  if  some 
or  all  of  them  switched  to  the  new,  higher 
rate  account.  Surrey  Metro  could  then  bal¬ 
ance  that  potential  loss  against  potential  new 


106  CIO  JUNE!  ,2002  •  www. cio.com 


Protecting  critical  infrastructure  is  your  job,  only  you 
don't  know  where  you're  vulnerable.  That's  friction. 


©  2002  Peregrine  Systems,  Inc.  All  rights  reserved.  Peregrine  Systems  is  a  registered  trademark  of  Peregrine  Systems,  Inc.  All  other  trademarks  are  the  property  of  their  respective  owners. 


Frictionless  Business 


Peregrine's  Crisis  Response  System  is  the  best  way  to  prepare, 

respond  and  recover.  Peregrine  is  helping  to  secure  the  nations  critical  infrastructure 
with  the  Crisis  Response  System — the  proven  choice  of  government  and  the  private  sector. 
The  Crisis  Response  System  provides  the  communications  and  work  flow  structure  to  facilitate 
continuity  of  operations.  It  improves  preparedness  and  assures  effective  response  to  unexpected 
events,  from  cyber  attacks  to  natural  disasters.  By  delivering  real-time  command  and  control, 
expediting  communication  and  coordination  among  all  parties,  and  embedding  a  critical 
planning  and  readiness  capability,  Peregrines  Crisis  Response  System  is  the  most 
effective  platform  to  meet  today’s  most  critical  needs.  For  more  information,  visit 
www.peregrine.com/cm  or  call  800.632.6347. 


C*  Peregrine 

^  SYSTEMS. 


CRM 


revenue.  The  credit  union’s  product  manager 
was  also  able  to  see  just  how  many  sales  he 
would  need  in  order  to  make  the  launch 
profitable.  Based  on  market  conditions  and 
previous  product  launches,  he  decided  it  was 
doable.  Although  Surrey  Metro  won’t  give 
details,  it  says  MetroMax  is  profitable. 

Having  customer  account  information 
close  at  hand  also  helps  Surrey  Metro 
Savings  act  immediately  and  independently 
on  customer  concerns  and  potential  prob¬ 
lems.  When  news  reports  came  in  about 


indicate  an  interest  in  another  financial 
product  from  the  61-year-old  credit  union. 
Recently  married?  The  service  reps  can  alert 
the  mortgage  department.  Nearing  65?  It’s 
time  to  adjust  for  retirement.  The  database 
analysis  tools  can  also  determine,  based  on 
historical  analysis,  which  current  accounts 
indicate  a  likelihood  of  interest  in  another 
product.  Those  people  with  North  Shore 
mortgages,  for  example,  are  more  likely  to 
open  a  North  Shore  checking  account.  The 
CRM  software  also  allows  North  Shore  to 


Whether  they  use  CRM  tools  and 
processes  for  pinning  down  profitability, 
cross-selling  or  honing  in  on  underserved  mar¬ 
kets,  small  businesses  have  an  advantage  dur¬ 
ing  implementation,  according  to  Khirallah. 
There’s  often  less  legacy  infrastructure  in  place 
to  work  around,  fewer  independent  silos  that 
need  to  be  unified,  and  easier  communication 
in  terms  of  training  and  managing  cultural 
change  because  staffs  are  small  and  local. 

“Smaller  institutions  have  a  much  easier 
time  with  CRM,”  says  Khirallah.  “In  a  large 


ft  WITH  CRM,  WE  WONT  BE  CALLING  A  15-YEAR-OLD  ABOUT  A  MORTGAGE 

OR  A  90-YEAR-OLD  ABOUT  INTERNET  BANKING.  ff 

-JEROME  LENGKEEK,  ASSISTANT  MANAGER  OF  DATABASE  MARKETING,  SURREY  METRO  SAVINGS 


debit  card  fraud  in  the  lower  mainland  area 
of  British  Columbia  a  year  ago,  Surrey 
Metro  was  able  to  generate  a  list  of  cus¬ 
tomers  who  might  have  been  victimized — 
they  had  unusual  activity  on  their  accounts  in 
the  days  prior — and  load  that  list  into  the 
bank’s  call  center  dialing  software  in  less  than 
an  hour.  “Now  when  we  have  a  hot  topic  or 
an  emergency,  we  can  drop  everything  and 
pump  out  these  reports  and  lists  in  a  day  or 
two,”  Lengkeek  says.  “Before  CRM,  we 
were  very  slow  movers.” 

A  VERY  GOOD  YEAR 

Thirty  miles  away,  North  Shore  Credit 
Union  sought  to  use  its  CRM  solution  to 
further  engage  existing  members.  The  com¬ 
munity  credit  union  in  North  Vancouver, 
British  Columbia,  saw  its  assets  declining 
before  it  decided  to  invest  $1  million  on  the 
Pivotal  CRM  suite  for  sales,  marketing  and 
customer  service  in  summer  2000.  “Our 
board  was  very  concerned  about  the  size  of 
the  investment,  but  it  was  the  only  way  to 
go,”  explains  Chris  Catliff,  president  and 
CEO.  “If  you  don’t  implement  this  kind  of 
system,  your  revenues  are  destined  to  slowly 
erode.  Our  backs  were  against  the  wall.” 

The  software  alerts  member  service  rep¬ 
resentatives  (who  have  been  assigned  to  indi¬ 
vidual  accounts)  to  life  changes  that  may 


remain  on  its  customers’  good  side  by  asking 
them  how  and  when  they’d  like  to  be  con¬ 
tacted,  increasing  the  likelihood  of  a  positive 
response  to  a  pitch.  “In  the  past,  you  had 
direct  mail,  with  a  1  to  4  percent  response 
rate.  Then  there  were  call  centers  placing 
phone  calls  at  6  p.m.,  which  were  more  suc¬ 
cessful  but  irritated  the  hell  out  of  people,” 
says  Catliff.  “But  when  you’ve  picked  out  a 
product  specifically  tailored  to  the  customer 
and  have  their  member  service  representative 
e-mail  it  to  them,  they’ll  open  it  and  read  it.” 

Since  the  CRM  implementation,  North 
Shore  says,  the  credit  union  has  grown  its 
net  revenue  by  a  record  46  percent  in  2001 
and  has  seen  its  assets  climb  21  percent  to 
$600  million  without  a  penny  of  adver¬ 
tising,  mostly  by  pitching  more  products 
to  existing  customers.  “It  definitely  got  us 
out  of  our  doldrums,”  Catliff  says. 


PEER  RESOURCES 


The  Basics  of  CRM 

To  give  your  nontechnology  peers  the 
basics  of  CRM,  e-mail  them  What  Is 
CRM?  from  CIO’ s  online  sister  publica¬ 
tion,  Darwinmag.com,  or  The  ABCs  of 
CRM  at  CIO’s  Research  Center.  Go  to 
www.darwinmag.com  or  www.cio.com/ 
printlinks. 


organization,  they  have  to  figure  out  a  way 
to  convince  all  kinds  of  separate  lines  of 
business  to  embrace  an  enterprise  effort.  In 
a  smaller  institution,  it’s  easier  for  a  CEO  to 
walk  in  and  say,  ‘This  is  going  to  happen.’” 

By  putting  CRM  processes  and  software 
in  place  early,  the  systems  and  the  culture  cre¬ 
ated  around  them  can  grow  as  the  business 
does. “Every  small  bank  wants  to  be  a  bigger 
bank,”  says  Varricchio.  “There’s  a  benefit  to 
putting  these  systems  in  place  while  they’re 
small.  Then  they  can  scale  with  the  business.” 

Indeed,  local  and  regional  banks — and 
small  to  midsize  enterprises  in  many  indus¬ 
tries — that  don’t  deploy  CRM  as  part  of  a 
carefully  crafted  customer  strategy  may  find 
themselves  shrinking  instead  of  scaling. 

“Before  we  had  this  technology  in  place, 
the  industry  was  moving  so  quickly  that  we 
were  finding  ourselves  falling  further  and  fur¬ 
ther  behind,”  says  UNCB’s  Frey.  “But  now 
we’ve  not  only  caught  up,  we’ve  become 
much  more  progressive.  We’ve  retained  and 
are  increasing  our  levels  of  service — a  differ¬ 
entiator  in  and  of  itself.  And  now  we  can 
offer  more  of  the  broad  range  of  solutions 
that  customers  get  from  the  big  guys.”  HE1 


How  are  you  using  CRM  to  compete  as  a  small  to 
midsize  enterprise?  E-mail  Senior  Writer  Stephanie 
Overby  at  soverby@cio.com. 


108  CIO  JUNE  1,  2002  •  www.cio.com 


Rick  and  Steve  both  evaluated 
enterprise  software. 


Rick  snent  a  few  months... 

searching  Web  sites,  calling  suppliers 
for  materials,  requesting  information 
via  email  and  fax  and  compiling  this  data 
in  spreadsheets  for  further  study. 


Steve  snent  a  few  weeks... 

logged  on  to  the  free  Web  site 
www.  EnterpriseSoftwareHQ.  com, 

learning  about  each  solution,  making 
instant  side-by-side  comparisons 
and  preparing  an  automated  RFP. 


What  was  Rick  thinking? 

Introducing  EnterpriseSoftwareHQ.  The  headquarters  for  evaluating  enterprise  software  and  services. 


Looking  for  the  complete  word  on  Total  Solutions? 


Then  you'll  definitely  want  to  check  out  our  exclusive  three-part  series  for  executives — Total  Solutions  for  Manufacturing. 
These  online  events  will  explore  how  a  combination  of  new  standards,  the  rise  of  Web  services  and  the  Internet  has  led 
to  the  development  of  integrated  packages  for  IT  and  manufacturing  managers.  Plus,  you'll  have  the  opportunity  for  an 
online  chat  during  our  "Ask  the  Expert"  sessions  with  industry  experts.  To  find  out  dates  and  register  for  these  exciting 
programs,  just  log  onto  www.EnterpriseSoftwareHQ.com/manufacturing.asp. 


www.EnterpriseSoftwareHQ.com 


r 


EnterpriseSoftware  I  HQ 


An  information  service  provided  by  Thomas  Publishing  Company.  ©  2002  Thomas  Publishing  Company 


Inside 

Cool  Product 

Web  cameras  ....  11 4 

Under 

Development 

Heat  power . 116 

Companies 
to  Watch 

CenterRun:  Easing 
Web  management  118 

Pundits 

Bud  Bates . 120 


Watching  the  Detectives 


Computer  forensics  can  help  companies  uncover  the  digital  truth 

BY  MICHAEL  GOLDBERG 


Edited  by  Christopher 
Lindquist.  Send  your 
thoughts  and  ideas 
for  future  columns  to 
clindquist@cio.com. 


DOCUMENTS  SHREDDED  by  the  bushel.  E-mail 
deleted  en  masse.  Enron’s  auditors  told  the  world 
last  winter  that  they  had  destroyed  an  indeter¬ 
minable  amount  of  data  relating  to  the  com¬ 
pany’s  financial  meltdown.  But  Andrew  Rosen 


still  expects  to  figure  out  what  happened,  includ¬ 
ing  who  could  have  destroyed  what  and  when. 

Rosen,  president  of  ASR  Data  Acquisition  and 
Analysis  of  Cedar  Park,  Texas,  is  one  of  the  inves¬ 
tigators  sifting  through  systems  left  behind  in 


Internet  video. ..Hot  power.. .Web  applications. ..Wireless  woes 


110  CIO  JUNE  1,  2002  •  www .cio .com 


ILLUSTRATION  BY  DANIEL  RENNER 


The  New  Gateway  600X 

Presenting  the  ultimate  desktop  replacement.  With  its  head  turning  style, 
awe  inspiring  .processor  and  incredibly  expansive  screen,  the  completely 
portable  600X  is  everything  you  ever  wanted  in  a  desktop  to  go 
15.7"  SXGA  TFT  Active-Matrix  Display  •  Mobile  Intel  Pentium  4  Processor 
1,50GHz- M* Weighs  8.65  lbs,;  and  1,77"  thin  •  256MB  DDR  Memory  •  20GB  Ultra 
ATA  Hard  Drive  •  Modular  DVD/CD-RW  Combo  Drive  •  Internal  V  92  56K  Modem 
and  10/100  Ethernet  *  Internal  IEEE-1394  •  ATP  Mobility  Radeon  7500  with 
64MB  DDR  Memory  •  FREE  upgrade  to  Microsoft"  Windows' XP  Professional 
(limited  time  only)  •  Microsoft"  Works  Suite  2007  •  1-Year  Limited  Warranty 


Stylish  and  affordable,  the  new  450X  is  the  perfect  combination  of  performance, 
portability  and  price.  And  beneath  its  cutting-edge  exterior  you'll  find  the  world's  most 
cutting-edge  mobile  processor::  the  new  Mobile  Intel  Pentium  4  Processor  M 
15"  XGA  TFT  Active-Matrix  Display  •  Mobile  Intel  Pentium  4  Processor  140GHz  M 
Weighs  6.01  lbs.1  and  1,30"  thin  •  256MB  DDR  Memory  •  20GB  Ultra  ATA  Hard  Drive 
Modular  8X  DVD-ROM  or  8X  CD-RW  Drive  •  Internal  V, 92  56K  Modem  and  10/100 
Ethernet  •  4X  AGP  32MB  Video  Memory  •  FREE  upgrade  to  Microsoft  "  Windows  XP 
Professional  (limited  time  only)  •  Microsoft  Works  Suite  2002*  •  1-Year  Limited  Warranty 


Every  day  the  demands  of  business  get  more  demanding.  Which  is  why  we  designed  the  new  Gateway®  600X  and  450X  notebooks 
around  the  sophisticated  power  management  of  the  world’s  fastest  mobile  processor:  the  Mobile  Intel®  Pentium®  4  Processor-M.  Superior 
multimedia  and  graphic  capabilities.  Significantly  extended  battery  life.  Seamless  connectivity.  Slim- almost  aerodynamic- design 
The  new  Gateway  600X  and  450X  notebooks.  So  slick,  they’ll  make  you  look  good  even  when  they’re  closed.  Call  us  at  1-877-239-5535, 


Limited-Time  Offer 

Protect  your  Gateway  notebook  against  costly  repairs  due  to  power  surges  and  natural  disasters 

One-year  accidental-damage  protection  and  a  casual  carrying  case  for  $99,  with  the  purchase  of  any  Gateway  business  notebook. 

(Offer  ends  7/31/02.) 


Gateway®  PCs  use  genuine  Microsoft'"’  Windows' 


Pentium  4 


gateway.com  AOI  Keyword:  Gateway 


|  v  'KW  rams  will'  oijlions  Maximum  data  transfer  rale  dependent  upon  multiple  variables  Pocket  Streets  for  Microsoft  Windows  CE  requires  Windows  CE  2  0  or  later  Hardware  available  separately  Limited  warranties  and  service  agreements  apply  visit  gateway  com  01  call  I  800  84b  2000  loi  a  tree  i  opy  Pm , ,  and 
lonliguiations  subiect  to  change  without  notice  or  obligation  Puces  exclude  shipping  and  handling  and  taxes  Not  responsible  loi  typographical  errors  Exclusions  apply  Visit  gateway.com  or  call  1  800  846  2000  lor  a  liee  copy  ol  applicable  terms  and  conditions  Nol  available  in  all  states  ©200?  Gateway  liu 
III  lights  reserved  Gateway  Terms  X  Conditions  ol  Sale  apply  Gateway  coni  and  Gateway  Country  Stores.  LIC.  are  separate  legal  entities  Gateway,  (he  Gateway  Stylized  logo  and  the  Black  and  White  Spot  Design  are  trademarks  or  registered  trademarks  ul  Gateway  Inc  in  the  U  S  and  other  countries  The  Intel  Inside  I  ugo 
lilel  and  Pentium  are  registered  trademarks  ol  Intel  Corporation  or  its  subsidiaries  in  the  United  States  and  other  countries  Microsoft  and  Windows  are  registered  trademarks  of  Microsoft  Corporation  All  oilier  brands  and  product  names  aie  trademarks  or  registered  trademarks  ul  their  rexp&live  companies  Ad  Code  008393 


what  observers  believe  is  one  of  the  largest 
computer  forensics  investigations  ever. 
Rosen  declined  to  provide  details  about 
his  Enron-related  work,  except  to  say:  “It’s 
a  lot  easier  to  do  the  computer  forensics — 
to  see  what  was  printed,  what  was  deleted, 
what  was  sent  and  received — than  it  is  to 
tape  thousands  of  papers  back  together.” 

Long  practiced  by  law  enforcement, 
(the  FBI  recently  announced  it  was  open¬ 
ing  three  new  computer  forensics  centers 
around  the  country),  computer  forensics 
tools  have  become  common  at  many  large 
corporations,  security  service  companies 
and  specialty  outfits  such  as  Rosen’s.  The 
science  of  analyzing  the  bits  and  bytes  left 


behind  on  a  magnetic  disk — carefully  pre¬ 
serving  them  to  show  how  the  data  looked 
when  last  altered  by  a  user  of  the  system — 
is  a  powerful  tool  for  in-house  investiga¬ 
tors  working  to  enforce  computer  usage 
policies,  examine  the  online  behavior  of  a 
disgruntled  employee  or  help  track  down 
a  malicious  code  author. 

The  forensics  toolmakers,  which  are 
the  usual  suspects  in  this  field,  include 
AccessData  in  Provo,  Utah;  Guidance 
Software  in  Pasadena,  Calif.;  New 
Technologies  Armor  in  Gresham,  Ore.; 
along  with  developers  at  university  labs 
and  security  consultants  such  as  Cambridge, 
Mass. -based  @Stake.  Those  companies 
are  giving  investigators  more  powerful 
ways  to  analyze  the  gigabytes  left  behind 
on  the  storage  media  inside  a  subject  com¬ 
puter  (meaning,  in  an  investigation  like  the 
Enron  case,  mostly  Windows  servers,  PCs 
and  laptops). 

State-of-the-art  computer  forensics 
tools  make  it  possible  to  keep  up  with  the 
growing  number  of  places  digital  evidence 


- -  Emerging 

hides — enabling,  for  example,  Dutch 
police  to  recover  location-based  data  from 
a  car’s  navigation  system  and  allowing 
examiners  to  retrieve  information  from  a 
handheld  computer.  But  it  takes  costly 
training  to  develop  the  expertise  to  make 
computer  forensics  valuable  to  business 
and  law  enforcement.  And  it  could  take 
years  on  the  job  before  an  investigator 
passes  muster  at  the  ultimate  testing 
ground:  as  an  expert  witness  in  court. 

CIOs  should  take  note.  If  you  advocate 
the  formation  of  an  in-house  computer 
forensics  team,  or  HR  tells  you  it’s  a  must, 
get  your  people  trained  before  buying  any 
software.  (The  biggest  vendors  in  this  field 


offer  training  courses,  where  you’ll  likely 
also  find  police  and  private  investigators  in 
the  student  body.)  And  even  then,  you  will 
still  want  to  look  at  security  services  com¬ 
panies  to  compare  their  offerings. 

“The  skill,  experience  and  knowledge 
of  the  operator  add  a  great  deal  of  value  to 
the  output  of  the  applications,”  says  Bill 
Boni,  chief  information  security  officer 
at  Motorola  in  Schaumburg,  Ill.  “The 
investigative  mind-set  to  understand 
human  behavior  and  activities  can  put 
things  in  context  and  help  weight  them” 
during  an  inquiry. 

Boni  says  this  required  know-how 
makes  it  common  for  companies  to 
employ  a  combination  of  in-house  trained 
experts  and  consultancies  that  specialize 
in  responding  to  network  intruders  and 
other  incidents.  The  demand  for  foren¬ 
sics  services  is  modest,  but  growing.  IDC 
(a  sister  company  of  CIO's  publisher, 
CXO  Media)  projects  that  the  market  for 
incident  response  services,  which  includes 
computer  forensics  services,  will  rise  from 


Technology  | - 

$133  million  in  2001  to  reach  $284  mil¬ 
lion  by  2004. 

Here’s  a  crib  sheet  of  three  issues  sum¬ 
marizing  what  you  should  know  about 
computer  forensics  technology. 

1.  You  Need  the  Right  Tool 
for  the  Right  Job. 

Since  each  operating  system  has  its  own 
ways  of  writing  to  a  disk  and  managing 
files,  forensics  tools  need  to  closely  follow 
suit  to  create  copies  of  evidence  for  analy¬ 
sis  and  to  examine  what’s  there  (includ¬ 
ing  what’s  recoverable  after  an  attempted 
file  deletion)  using  a  view  with  a  PC-style 
graphic  interface.  The  popular  forensics 
software  packages,  such  as  AccessData 
Development’s  Forensic  Toolkit  (FTK), 
EnCase  from  Guidance  and  NTI’s  Safe- 
Back,  can  examine  Windows  PCs  and  ser¬ 
vers.  (Promised  improvements  are  on  the 
way,  though.  For  example,  AccessData 
Vice  President  Steve  Elderkin  says  that 
Linux,  Macintosh  and  other  FTK  versions 
will  be  released  starting  later  this  year.) 

A  forensics  investigation  in  a  primarily 
Unix  shop,  running  Linux  servers,  for 
example,  could  begin  with  an  open-source 
program  known  as  The  Coroner’s  Toolkit 
(TCT),  says  Brian  Carrier,  a  research  scien¬ 
tist  at  @Stake.  Carrier’s  team  has  developed 
its  own  toolkit  that  builds  on  TCT  while 
boosting  its  analysis  capabilities.  And  his 
company  has  created  a  forensics  tool  called 
PDD  (Palm  Disk  Duplicator)  to  acquire 
data  recovered  from  Palm  OS  devices. 

That  those  analysis  capabilities  con¬ 
tinue  to  improve  is  vital.  Forensics  practi¬ 
tioners  say  a  big  challenge  for  the  forensics 
toolmakers  is  to  keep  up  with  the  grow¬ 
ing  gaggles  of  gigabytes  that  come  with 
the  average  PC  or  laptop. 

One  of  the  keys  is  being  able  to  organ¬ 
ize  and  scan  large  amounts  of  data,  says 
James  E.  Gordon,  Los  Angeles-based 

cio.com _ 

For  more  on  computer  forensics,  see 

I.T.  AUTOPSY  atwww.cio.com/printlinks. 


Long  used  by  law  enforcement,  computer 
forensics  tools  have  become  common  at 
many  large  corporations. 


112  CIO  JUNE  1,  2002  •  www.cio.com 


Word  on  the  Street: 
Migrate  to  Linux. 


On  Wall  Street,  technology  performance  means  money. That's  why  Red  Hat®  Linux® 
and  Compaq  ProLiant™  servers  quietly  power  many  of  the  world's  top  financial  firms. 

No  wonder.  Linux  is  open  source.  You  can  see  the  code.  You  stay  in  control. 

And  you  won't  get  trapped  again  by  proprietary  technology. 

Red  Hat  Linux  Advanced  Server  is  the  enterprise  platform  for  UNIX  to  Linux 
migration.  Scalable  performance.  Stabilized  releases.  Support  from  top  software 
vendors  you  already  use. 

Red  Hat  and  Compaq  —  enterprise-ready,  no  matter  what  street  you're  on. 

Go  to  www.redhat.com/explore/street 


COMPAQ.  4}  redhat 


©  2002  Red  Hat,  Inc.  All  rights  reserved. "Red  Hat,"  Red  Hat  Linux,  the  Red  Hat  "Shadow  Man"  logo,  and  the  products  listed  are  trademarks  or 
registered  trademarks  of  Red  Hat,  Inc.  in  the  US  and  other  countries.  COMPAQ,  the  Compaq  logo  and  ProLiant  are  registered  in  the  U.S.  Patent 
and  Trademark  Office.  Linux  is  a  registered  trademark  of  Linus  Torvalds.  All  other  trademarks  are  the  property  of  their  respective  owners. 


1-866-2REDHAT  #4 


Emerging 


vice  president  of  Pinkerton  Consulting 
and  Investigations. 

“There’s  room  for  fine-tuning.  The 
issue  is  more  the  amount  of  information 
being  reviewed,  and  the  critical  aspect  of 
that  is  digital  document  management,”  he 
says.  “Three  years  ago,  I  had  a  10  gig  hard 
drive.  Now  there’s  a  40  gig  hard  drive  on 
my  laptop.  The  ability  to  analyze  and 
process  all  that  information  is  critical.” 

2.  Detectives  Watch  the  Network  Too. 

The  search  for  computer  forensics 
evidence  extends  beyond  a  suspect’s 
hard  drive. 

Boni,  who  heads  the  in-house  forensics 
team  at  Motorola,  says  that  computer 


security  architect  with  Guardent,  says  that 
in  using  these  kinds  of  network  monitor¬ 
ing  tools  he  has  reconstructed  incidents 
such  as  an  employee  hacking  into  his 
work  e-mail  account  to  do  some  mischief. 
For  that  case,  Barbin  looked  at  a  variety  of 
logs  (e-mail  server,  VPN  connection  and 
others)  to  trace  activities  to  an  individual 
worker.  He  then  followed  the  trail  back 
to  the  employee’s  work  PC  and  home  PC. 

“Network  forensics  is  always  a  start, 
but  what  seals  the  deal  in  court  is  the  static 
forensics”  that  tells  of  activity  on  a  sub¬ 
ject’s  computer,  Barbin  says. 

There’s  another  way  computer  forensics 
may  use  networking.  In  March,  Guidance 
Software  started  beta  testing  a  version  of 


If  you  expect  that  your  digital 
forensics  discovery  will  lead  to  court, 
it’s  important  to  talk  to  lawyers  who 
have  worked  with  different  security 
consultants  and  forensics  experts. 


forensics  grew  out  of  law  enforcement’s 
need  to  document  criminal  wrongdoing. 
But  the  corporate  focus  of  forensics  has 
to  be  on  a  company’s  capabilities  to  inves¬ 
tigate  network  intrusions,  such  as  website 
defacements.  To  understand  how  some¬ 
one  perpetrated  such  an  incident  is  to 
begin  solving  who  did  it — and  how  to  pre¬ 
vent  its  duplication  in  the  future. 

Security  experts  say  that  they  use  soft¬ 
ware  to  act  as  sentries  at  the  network  walls. 
Shimon  Gruper,  executive  vice  president  of 
Internet  security  technology  at  Aladdin 
Knowledge  Systems,  a  security  company 
and  consultancy  in  Arlington  Heights,  Ill., 
says  his  company  uses  Linux  shareware 
and  freeware  tools  to  identify  and  monitor 
the  activity  of  Internet  vandals  and  worms 
in  order  to  trace  their  source. 

Doug  Barbin,  a  San  Francisco-based 


its  EnCase  Enterprise  edition  forensics 
package  that  would  allow  an  investiga¬ 
tor  in  Los  Angeles  to  examine  a  subject’s 
computer  in  New  York  City  using  a  wide 
or  local  area  network  connection.  Bill 
Tulloss,  director  of  sales  and  operations 
at  Guidance  in  Pasadena,  Calif.,  says  cor¬ 
porate  testers  of  the  product  will  answer 
questions  about  ease  of  use  and  network 
strain  that  the  application  may  cause;  but 
he  expects  most  customers  would  conduct 
such  WAN-based  exams  at  night  or  dur¬ 
ing  off-peak  usage  times. 

3.  There’s  More  Than  One  Way  to  Use 
Computer  Forensics  Technology. 

Forensics  experts  generally  laugh  when 
asked  if  their  work  comes  into  play  only 
when  bad  things  happen  to  good  com¬ 
puter  systems.  But  in  fact,  both  vendors 


Technology 


Cool 

Product 


See  It  All 

INTERNET-ENABLED  cameras 
that  let  you  view  images  of 
remote  locations— your  front  door, 
the  baby’s  room,  the  back  yard 
and  such— have  been  available  for 
a  while,  but  they  were  often 
pricey.  Now  there  are  a  couple 
more  cost-effective  options. 

The  Panasonic  KX-HCM10 
Network  Camera  sells  for  about 
$350  (street  price)  and  lets  you 
remotely  view  video  images  and 
control  the  camera  from  any  Web 
browser.  Just  attach  an  Ethernet 
cable  (no  PC  necessary  for  opera¬ 
tion),  and  it’s  ready  to  go.  You 
can  even  attach  optional  sound, 
motion  or  light  sensors  to  the 
camera  and  have  it  automatically 
e-mail  you  an  image  when  triggered 
( www.panasonic.com/netcam ). 

If  $350  is  still  too  expensive, 
check  out  XIO’s  Ninja  Pan  'n  Tilt 
Wireless  Camera  Kit  setup.  About 
$260  gets  you  a  pan-and-tilt 
base;  a  wireless  (100-foot  maxi¬ 
mum  range)  color  video  camera 
that  can  transmit  to  a  VCR,  moni¬ 
tor  or  PC;  a  wireless  receiving 
unit  with  USB  video  capture 
adapter;  a  PC  transceiver;  a 
remote  control;  a  motion  sensor; 
and  software  ( www.xl0.com ). 

Neither  camera  is  weather¬ 
proof,  so  you  need  to  keep  them 
indoors.  Nor  do  their  low  prices 
buy  you  crystalline  images.  But 
they  make  an  affordable  way  to 
keep  a  watchful  eye  on  your  stuff. 

- Christopher  Lindquist 


114  CIO  JUNE  1,  2002  •  www.cio.com 


Scalable  IP  security  without  breaking  the  bank. 


How  do  you  harness  the  power  and  reach  of 
the  Internet  in  a  way  that  provides  security 
and  allows  you  to  scale  your  network?  How 
do  you  do  this  without  breaking  your  IT 
budget?  Look  no  further  than  the  Contivity™ 
1000  family  with  Secure  Routing  Technology. 
The  Contivity  1000  Series  enables  businesses 
to  easily  build  and  manage  large  VPN  networks,  using  dynamic  routing  protocols 
over  encrypted  tunnels.  In  addition  to  support  for  dynamic  routing  (RIP  and  OSPF),  it 
comes  fully  loaded  with  remote  access  VPN,  site-to-site  VPN,  firewall,  QoS  and 
bandwidth  management.  And  here's  the  good  part  -  mix-and-match  services.  You 
only  buy  the  services  you  need  initially  and  turn  up 


Meet  the 
Contivity  1000 
Series 


Starting 

the  rest  when  you're  ready.  It's  as  easy  as  turning  on  a 

under  $1,000 

license  key.  No  multiple  boxes.  No  installation  hassles. 

Low  TCO.  The  Contivity  1000  can  be  installed  as  a  stand-alone  IP  access  gateway 
(with  5  free  VPN  tunnels)  or  behind  an  existing  WAN  access  device,  totally  off-loading 
all  security  processing.  For  more  information,  visit  nortelnetworks.com/contivity. 


Nortel  Networks,  the  Nortel  Networks  logo,  the  Globemark  and  Contivity  are  all  trademarks  of  Nortel  Networks.  ©2002  Nortel  Networks 
All  rights  reserved. 


N©RTEL 

NETWORKS 


Metro  &  Enterprise  Networks 


Optical  Long  Haul  Networks 


Wireless  Networks 


nortelnetworks.com 


and  practitioners  say  that  forensics  tools 
can  come  in  handy  in  cases  where  critical 
corporate  documents  have  been  deleted 
inadvertently  and  need  to  be  recovered, 
or  if  there’s  damage  to  a  building  where 
computers  reside  and  there’s  a  chance  to 
rehabilitate  what  information  was  lost  or 
not  backed  up  properly. 

That’s  computer  forensics  as  last-ditch 
backup.  There’s  also  the  caveat  emptor 
about  the  still-evolving  field  of  computer 
forensics.  The  experts  urge  CIOs  to  recog¬ 
nize  that  there’s  a  relative  lack  of  standards 
for  collecting  digital  evidence  and  a  lack 
of  a  certification  process  for  investigators. 

“If  you  have  an  ongoing  need  to  do 
compliance  monitoring,  in  dealing  with 
things  like  HR  and  hostile  workplace  alle¬ 
gations,  these  [computer  forensics]  tools 
can  be  very  beneficial,”  says  Rosen,  the 
forensics  investigator.  But,  he  adds,  there’s 
a  distinction  between  developing  these  tal¬ 
ents  in-house  and  presenting  computer 
forensics  findings  that  meet  evidentiary 
standards  in  court. 

Both  points  emphasize  the  critical  need 
to  find  referrals  for  technology  vendors’ 
products,  for  training  courses  and  for  con¬ 
sultants’  services. 

Referrals  from  other  CIOs  and  IT  prac¬ 
titioners  are  best  for  technology  choices. 
And  if  you  expect  that  your  digital  foren¬ 
sics  discovery  will  lead  to  court,  it’s  impor¬ 
tant  to  talk  to  lawyers  who  have  worked 
with  different  security  consultants  and 
forensics  experts  to  find  the  best  one,  says 
Matthew  Schwartz,  a  partner  in  the  insol¬ 
vency  and  litigation  services  department 
and  chairman  of  the  technology  commit¬ 
tee  at  Bederson  &  Co.  in  West  Orange,  N.J. 
“You  don’t  have  to  talk  about  a  specific 
case,  you  don’t  have  to  know  the  litigants, 
but  you  need  to  see  a  written  plan.  How 
do  you  document  very  specifically  your 
procedures?  So  in  court  we  don’t  have 
someone  saying  you  made  this  stuff  up,” 
Schwartz  says.  ■ 


E-mail  Executive  Editor  Michael  Goldberg  at 
mgoldberg@cio.com. 


Emerging  Technology 


UNDER  DEVELOPMENT 

Electricity 


Hot  Chip 

“WASTE  HEAT”  isn’t  a  term  that  Van  Kucherov  likes  to  hear.  The  R&D  director  at 
Eneco,  a  Salt  Lake  City  energy  research  company,  prefers  to  view  the  process  as 
potential  energy.  That’s  why  Kucherov  has  teamed  up  with  Peter  Hagelstein,  an  MIT 
physicist,  to  develop  a  chip  that  can  convert  heat— from  a  car  engine,  a  light  bulb  or 
even  the  sun  itself— into  electrical  power. 

The  technology  behind  the  chip— the  thermal  diode— dates  back  to  the  late  19th  cen¬ 
tury,  when  Thomas  Edison  discovered  the  discharge  of  electrons  from  heated  materials 
that  eventually  led  to  the  development  of  the  vacuum  tube. 

Attempts  during  the  past  several  decades  to  replicate  his  discovery,  subsequently 
called  the  Edison  Effect,  in  semiconductors  have  failed  because  of  an  inability  to  create  a 
required  vacuum  gap  between  layers.  Kucherov  and  Hagelstein  sidestepped  this  problem 
by  replacing  the  vacuum  gap  with  layers  of  an  electron-rich  semiconducting  material. 

At  the  relatively  low  temperature  of  392  degrees  Fahrenheit  (200  degrees  Celsius), 
the  device  generated  electricity  at  more  than  twice  the  efficiency  of  bulky  traditional 
thermoelectric  conversion  devices  operating  at  comparable  temperatures. 

The  chips’  applications  are  virtually  unlimited,  since  the  electricity  it  generates  could 
be  used  to  power  devices  ranging  from  laptop  computers  to  electric  cars.  “Solid-state 
energy  conversion  is  noiseless  and  lightweight,”  says  Kucherov.  The  technology  also  has 
a  flip  side.  “In  theory,  this  device  is  thermodynamically  reversible,  so  efficient  refrigera¬ 
tors  can  be  based  on  this  principle,”  Kucherov  says. 

The  researchers’  goal  is  to  further  lower  the  technology’s  operating  temperature  and 
to  reach  a  cost-power  ratio  of  about  10  to  20  cents  per  watt.  “We're  not  there  yet,” 
admits  Kucherov,  who  nonetheless  believes  that  a  marketable  technology  could  arrive  in 
as  soon  as  two  to  three  years.  -John  Edwards 


116  CIO  JUNE  1,  2002  •  www.cio.com 


ILLUSTRATION  BY  KURT  VARGO 


We're  also  America's  Big  Wheel  in  Small  Tech. 

This  new  industry  researches  and  develops  tiny  machines 
also  known  as  Microelectromechanical  Systems  (MEMS), 
Microsystems  and  nanotechnologies. 

Small  Tech  is  currently  being  developed  at  Michigan  com¬ 
panies  like  Dexter  Research,  whose  infrared  detectors 
shown  above,  have  been  commercialized  for  the  health¬ 
care  and  safety  industries. 


Other  Small  Tech  developments  in  Michigan  are  enabling 
technologies  across  the  states  high-tech  sectors  including 
the  deployment  of  automotive  airbag  systems,  portable 
"DNA  lab-on-a-chip"  for  law  enforcement,  and  implantable 
drug  delivery  systems. 

While  we  are  the  proud  birthplace  and  continuous  innova¬ 
tor  of  the  automotive  industry,  Michigan  is  also  pioneering 
the  newest  technology  industries.  Small  Tech 
is  just  one  example.  For  more,  call  1.800.946.6829  or  visit 
www.michigan.org. 


www.michigan.org 


MICHIGAN 


GREAT  LAKES.  GREAT  LOCATION. 


Emerging  Technology 


COMPANIES  TO  WATCH 

CenterRun  inc. 


Ready,  Aim,  Deploy 


CenterRun  targets  Web  app  management 

BY  STEPHANIE  OVERBY 


LARGE  ENTERPRISES  have  been  devel¬ 
oping  custom  Web  applications  at  a  rapid 
rate.  And  they’re  often  doing  it  with  little 
thought  given  to  how  the  company’s  data 
center  employees  will  be  able  to  keep  up 
with  the  configuration,  rollout  and  day-to- 
day  management  of  this  complex  and 
increasingly  mission-critical  software.  So 
says  CenterRun,  a  Redwood  City,  Calif.- 
based  startup  selling  software  to  automate 
the  configuration  and  deployment  of  Web 
applications  in  enterprise  data  centers 
from  a  central  console. 

Because  Web-based  applications  don’t 
sit  on  a  single  server — but  often  on  as 
many  as  a  hundred  in  varying  loca¬ 
tions — they’ve  become  a  bit  of  a  manage¬ 
ment  nightmare  for  anyone  charged  with 
monitoring  and  upgrading  them  at  big 
companies.  The  applications  are  often 
constructed  with  custom  code,  custom 
content  and  software  products  from  mul¬ 


tiple  vendors.  They  run  on  separate  hosts 
and  are  replicated  many  times  in  order 
to  scale  as  needs  grow.  In  the  past,  each 
host  and  its  software  components  were 
deployed,  configured  and  maintained 
manually  and  separately.  To  deal  with  the 
time-consuming  and  error-prone  manage¬ 
ment  process,  most  enterprise  data  cen¬ 
ters  have  either  built  custom  scripts  to 
help  alleviate  management  problems  or 
developed  documentation  spelling  out  the 
manual  process  employees  must  follow. 

CenterRun  solves  the  problem  by  cre¬ 
ating  a  bridge  between  the  application 
developers  who  build  the  Web  products 
and  the  operations  folks  who  must  imple¬ 
ment  them.  The  “application  aware” 
software  understands  the  variety  of  com¬ 
ponents  that  make  up  a  Web  application 
and  how  those  components  interrelate. 
As  a  result,  unlike  other  systems  manage¬ 
ment  products  that  focus  on  distributing 


watching... 

CenterRun  Inc. 

Headquarters  Redwood  City,  Calif. 
Founded  2000 
Number  of  Employees  43 
Products  Data  center  software 
Reason  to  watch  Automates  the 
configuration  and  deployment  of 
Web  applications 

Hurdles  Companies  that  have  cre¬ 
ated  their  own  solutions  to  Web 
application  management  and  dis¬ 
trustful  data  center  professionals 

Web  link  www.centerrun.com 


software  at  the  file  and  directory  level, 
CenterRun  provides  end-to-end  automa¬ 
tion  at  the  application  level.  It  supports 
IBM  AIX,  Linux,  Microsoft  Windows 
and  Solaris  platforms.  Its  preconfigured 
application  components  support  most 
prevalent  Web  and  application  servers, 
databases  and  load  balancers,  including 
Apache,  ATG  Dynamo,  BEA  Weblogic, 
IBM  WebSphere,  iPlanet  Web  server  and 
Microsoft  IIS/ASR 

It  sounds  useful,  but  CenterRun  faces 
some  roadblocks.  First,  it  must  convince 
corporations  to  replace  the  custom  solu¬ 
tions  and  elaborate  management  processes 


Web-based 
applications  have 
become  a  bit  of 
a  management 
nightmare. 


they’re  already  using.  And  getting  them 
to  do  that  means  dealing  with  data  center 
professionals  reluctant  to  trust  an  auto¬ 
mated  solution. 

Still,  the  increasing  Web  app  complex¬ 
ity  makes  products  such  as  those  from 
CenterRun  appealing.  “This  kind  of 
product  is  going  to  become  increasingly 
important  because  of  the  proliferation  of 
component-based  architecture  at  large 
enterprises,”  says  Jasmine  Noel,  director 
of  systems  and  applications  management 
at  the  Hurwitz  Group  in  Framingham, 
Mass.  “A  lot  of  these  custom  Web  appli¬ 
cations  are  moving  out  of  development 
and  into  production,  and  as  you  see  them 
being  rolled  out,  the  interest  in  how  com¬ 
panies  are  going  to  manage  them  has 
increased.  Today,  people  are  rolling  out 
new  modules  and  capabilities  just  about 
every  week,  so  the  need  for  constant 
management  of  those  components  is  only 
going  to  increase  over  time.”  ■ 


118  CIO  JUNE  1 ,  2002  •  www.cio.com 


PHOTO  BY  PLASTOCK/PHOTONICA 


"Tallan  is  different  from  other 

TECHNOLOGY  FIRMS.  THEY  GET  THE 

job  done.  Period.” 


Most  of  our  client  comments  are  equally  flattering.  Why?  We  become  deeply  involved  in  clients’ 
businesses  -  delivering  software  development,  enterprise  infrastructure,  creative  design  and 
strategic  technology  direction.  Our  highly  skilled  project  teams  are  often  considered  to  be  valued 
members  of  clients’  IT  organizations.  Plus,  we  work  smarter  by  staying  on  top  of  the  best  new 
solutions  for  e-business/e-commerce,  data  warehousing,  supply  chain,  and  enterprise  application 
development.  The  result:  unmatched  client  satisfaction.  And  some  really  nice  quotes. 


Tallan 

Raicp  Ynnr  IT  if) 


Call  us  to  discuss  your  next  project  at  1-877-9TALLAIM 
Or  visit  www.tallan.com 


TALLAN  CLIENTS  INCLUDE: 


eJyV  BARNES&NOBLE  kinkO'S  AS0UNDVIEW 


best 

buy 


uBid  .com 

WK«f*  you  win  at  paying  l«u 


INGRAM 


MICRO 


TALLAN  IS  a  REGISTERED  TRADEMARK  OF  TALLAn,  INC.  ALL  OTHER  TRADEMARKS  ARE  THE  PROPERTY  OF  THEIR  RESPECTIVE  HOLDERS. 


Emerging  Technology 


PUNDITS 

Bud  Bates 


Wireless  Carriers  Have 
the  Goods 

But  they  lack  the  talent  to  make  GSM  and  GPRS  work 


NOT  LONG  AGO,  I  started  to  read  about 
all  the  North  American  cellular  vendors’ 
efforts  to  develop  and  implement  a  global 
system  for  mobile  communication  (GSM) 
architecture  (with  all  its  relevant  data 
transfer  and  communications  benefits)  to 
replace  their  wireless  North  American 
analog  and  digital  networks.  Being  a  com¬ 
munications  author  and  consultant,  it 
seemed  that  I  should  find  out  what  these 
vendors  were  up  to. 

My  first  call  was  to  a  major  provider 
whose  in-the-works  Seattle-area  net¬ 
work  had  been  written  up  in  several 
trade  magazines.  Upon  calling  the  com¬ 
pany,  I  was  directed  to  the  customer 
services  group,  where  a  representative 
told  me  that  the  company  did  not  offer 
GSM!  This  representative  also  did  not 
know  what  GPRS  (general  packet  radio 
service — GSM’s  always-on  data  stan¬ 
dard)  meant.  Undaunted  by  this  “closed 
encounter  of  the  first  kind,”  I  set  out  to 
find  someone,  somewhere  who  knew 
what  I  was  talking  about. 

My  next  attempt  involved  a  conversa¬ 
tion  with  the  provider’s  marketing  group. 
There  I  was  told  that  the  company  was 
installing  GPRS  on  top  of  its  North 
American  network,  and  that  it  would  talk 
only  to  corporations  that  would  have  200 
or  more  subscribers.  I  tried  a  new  tactic.  I 
was  developing  a  seminar  on  GSM  and 
GPRS  as  well  as  writing  a  book  on  the 
same  subject,  and  “Was  there  anyone  to 
whom  I  could  speak,  and  get  more 
details?”  The  answer?  The  company  was 
under  privacy  about  that  subject,  and  no 
one  in  the  company  knew  where  it  was 


Service  providers 
all  claim  that  3G 
wireless  services 
(like  GSM  and 
GPRS)  will 
save  them. 


being  installed  or  when  it  would  become 
available,  nor  would  anyone  want  to 
speak  about  it. 

Next,  I  went  to  another  major  provider. 
I  knew  that  this,  company  was  owned  by 
an  international  organization,  and  that  it 
had  already  rolled  out  its  GSM  network 


throughout  the  United  States.  That 
meant  adjusting  the  GSM  network  to 
handle  GPRS  would  require  no  major 
innovations,  which  gave  me  some  hope. 
Miraculously,  I  was  advised  that  the 
company  was  indeed  offering  GSM  and 
GPRS  services.  Hallelujah!  I  ran  down  to 
the  local  store  to  sign  up  for  the  service. 
I  even  brought  my  own  GSM/GPRS 
device  (a  Motorola  Accompli — it’s  a  mas¬ 
terful  PDA,  phone  and  always-on  Internet 
access  device). 

I  chose  the  basic  service,  subscribed  and 
set  about  to  attempt  my  own  configura¬ 
tion.  I  met  with  limited  success.  While 
some  items  worked,  others  did  not.  After 
some  trial  and  error,  I  decided  it  was  time 
to  call  tech  support:  Luckily  this  group 
understood  what  the  acronyms  stand  for 
and  attempted  to  walk  me  through  the 
setup  process. 

Unfortunately,  these  same  support  folks 
were  working  strictly  off  a  worksheet  pre¬ 
pared  for  them — and  some  of  my  prob¬ 
lems  weren’t  covered  on  the  sheet.  After 
a  bit  of  cajoling  and  prodding  I  finally 
came  to  the  conclusion  that  no  one  really 
knew  what  this  all  meant.  I  don’t  surren¬ 
der  easily,  however,  and  after  a  few  days  of 
playing  with  this,  that  and  the  other  set¬ 
ting,  I  finally  got  everything  to  work  on 
my  own. 

My  point  is  that  every  day  I  read  about 
how  the  wireless  carriers  are  “dying,”  and 
that  their  market  is  drying  up.  Yet  at  the 
same  time,  they  all  claim  that  3G  wireless 
services  (like  GSM  and  GPRS)  will  save 
them.  But  how  can  they  get  to  that  point 
with  the  poorly  trained,  ill-advised  tech 
support  and  marketing  folks?  Who  will 
step  forward  and  take  responsibility?  It’s 
certain  that  3G  is  coming,  but  it  won’t  be 
on  most  consumers’  radar  screens  unless 
these  vendors  finally  get  their  act  together 
and  show  at  least  some  understanding  of 
the  products  and  services. 

Bud  Bates  is  the  author  of  books  on  wireless 
broadband  and  GPRS  from  McGraw-Hill.  He  can 
be  reached  at  bud@tcic.com. 


120  CIO  JUNE  1,  2002  •  www.clo.com 


PHOTO  BY  STEVE  CRAFT 


Print 


Greeting  froK 

Nassa 


ev 

\k'. 

th  Da 

ta! 

A/ere  ; 

»h< 

Opinion 


Re: 

The  CSO:  A  Must-Hire 
"What  If  Disaster  Planning 


The  CSO 
A  Must-Hire 

BY  JUDY  B.  HOMER 

SEPT,  11,  2001,  was  a  wake-up  call  to  corporate  America.  All  of  us 
have  been  made  painfully  aware  of  an  urgent  need  to  assess 
and  upgrade  the  security  protecting  our  information  systems, 
and  to  protect  the  privacy  and  physical  security  of  our  work¬ 
places.  As  a  key  step  in  achieving  those  goals,  companies  need 
to  establish  a  new  executive-level  position,  that  of  the  chief  secu¬ 
rity  officer  (CSO).  If  your  company  doesn’t  already  have  one, 
the  CSO  will  be  your  must-hire  for  2002. 

The  executive  who  can  successfully  rise  to  this  challenge 
will  have  a  diverse  skill  set.  The  CSO  will  not  only  have  to 
understand  the  technology  environment  of  the  company  but 
will  also  need  to  partner  with  the  business  and  technology  lead¬ 
ership  to  design  and  implement  solutions  that  align  the  secu¬ 
rity  needs  of  the  business  with  the  technical  capabilities  of  the  IT 
staff.  Most  important,  this  executive  will  develop  and  promote 
sound  security  practices  and  focus  the  employees  on  their  indi¬ 
vidual  and  corporate  responsibility  to  adopt  those  practices. 

Hiring  a  CSO  requires  redefining  the  culture  of  the  com¬ 
pany.  The  CSO  will  partner  with  HR  and  corporate  trainers 
to  teach  the  staff  and  subsequent  new  hires  that  everyone  is 


required  to  participate  in  protecting  the  company’s  security. 
That  approach  can  actually  be  very  unifying  because  it  is  one 
aspect  of  working  at  the  company  that  everyone  will  have  in 
common.  That  common  bond  can  be  exploited  to  build  good 
will  for  other  initiatives  as  well. 

In  a  time  of  widespread  corporate  layoffs  and  terrorist 
threats,  the  vulnerability  of  a  company  to  potential  security 
breaches  has  never  been  more  real.  So  the  days  of  hiring  a  semi- 
reformed  hacker  to  head  security  are  long  gone.  In  order  to 
understand  and  offer  solutions  for  the  security  issues  of  the 
organization,  the  CSO  will  need  to  have  broad-based  experi¬ 
ence  with  technologies  such  as  public-key  infrastructure,  enter¬ 
prise  user  management,  network  and  host  intrusion  detection, 
firewalls,  single  sign-on,  biometrics  and  so  on.  Preferably,  the 
CSO  is  professionally  certified  as  well. 

One  of  the  most  sensitive  issues  surrounding  this  new  office 


1  2  2 


CIO  JUNE  1,  2002 


www  .cio  .com 


LLUSTRATION  BY  JOYCE  HESSELBERTH 


As  low  as  $1,999!** 


The  Golden  Rule  of  Business:  Make 
it  Better  and  Make  it  for  Less.  Sony's 
C-Series  SuperLite™  Projectors  do 
just  that.  At  just  5  lbs.,  5  oz.,they 
deliver  incredibly  bright  images 
(1000  ANSI  lumens***)  with  out¬ 
standing  picture  quality  from  three 
0.7"  LCD  panels.  And  they  do  it  all 
for  as  low  as  $1,999. 


That's  not  a  typo;  they're  only 
$1,999.  And,  they're  not  just 
stripped  down,  no-frills  models 
either.  They're  fully  loaded  with 
a  4X  digital  zoom,  digital  key¬ 
stone  correction,  remote  control, 
custom  carrying  case,  and  an 
ingenious  flip-top  control  panel. 
What's  the  catch?  Getting  one 
before  they're  all  sold  out. 


02002  Sony  Electronics  Inc  All  rights  reserved.  Reproduction  in  whole  or  in  part  without  written  permission  is  prohibited.  Features  and  specifications  subject  to  change  without  notice.  Sony  and  SuperUte  are  trademarks  of  Sony 4 
•Rebate  or  lamp,  at  no  additional  charge,  is  only  offered  on  the  purchase  of  the  VPL-CS4  and  VPL-CX4  projectors  between  January  15,  2002  and  June  30, 2002.  **  Estimated  U  S.  retail  selling  price.  Actual  retail  selling  price  may  vary. 

•••ANSI  lumen  is  a  measuring  method  of  the  American  National  Standards  Institute  IT7.228.  Since  there  is  no  uniform  method  of  measuring  brightness,  specifications  will  vary  among  manufacturers. 


Call  1-800-472-S0NY  ext.  CS4  today  to  get  the  Sony  projector 

you've  always  wanted  at  a  price  you  never  imagined. 

Or  visit  www.sony.com/projectors 


Opinion 


Re: 


is  reporting  relationships.  The  logical  argument  might  seem  to 
have  the  CSO  report  to  the  CIO,  because  the  CIO  heads  IT.  The 
CIO  might  argue  that  this  position  should  be  a  direct  report 
because  ultimately  all  decisions  affecting  technology  should 
rest  in  his  hands. 

However,  a  core  responsibility  of  the  CSO  will  be  vulnera¬ 
bility  assessment  and  risk  management.  Therefore  the  CSO 
should  report  to  the  COO  or  CEO.  After  all,  the  CSO  will 
evaluate  the  technology  environment  and  audit  the  security 
measures  implemented  by  the  CIO.  It  is  in  the  company’s  and 

the  CIO’s  best  interest  to  have 
the  CSO  perceived  as  an  im¬ 
partial  assessor  of  the  tech¬ 
nology  environment  instead 
of  a  possible  rubber  stamp. 
Think  of  the  CSO  as  the 


head  of  quality  assurance  for  security.  The  CSO  can  also  partner 
with  the  CIO  to  be  an  advocate  for  IT  and  to  proselytize  the 
need  for  expanding  the  IT  budget  to  pay  for  necessary  security 
measures.  The  CSO  can  also  act  as  a  powerful  liaison  between 
the  business  leadership  and  the  IT  leadership,  drawing  them 
together  with  the  common  goal  of  protecting  the  intellectual 
and  physical  assets  of  the  company. 

For  the  first  time,  we  are  being  asked  to  unite  in  ensuring 
our  homeland’s  security.  Corporate  America  is  being  held 
accountable  for  its  own  security  as  well  as  actively  participat¬ 
ing  in  issues  affecting  national  security.  Experienced  strategic 
leadership  is  required  to  achieve  those  goals.  The  CSO  is  the 
perfect  executive  to  take  on  the  challenge.  ■ 


Judy  B.  Homer  is  president  of  JB  Homer  Associates,  a  search  firm  in 
New  York  City  that  places  senior-level  IT  and  operations  executives. 


cio.com _ 

To  whom  should  the  CSO  report? 
Tell  us  at  CIO  READER  POLL  at 
www.cio.com/readerpoll. 


•What  IT 

Planning 


BY  MICHAEL  SYMMERS 

I’VE  MARVELED  OVER  the  years  how  otherwise-prudent  executives  have 
remained  somewhat  indifferent  about  the  consequences  of  a 
disaster.  The  attacks  on  the  World  Trade  Center  and  the 
Pentagon  were  so  extraordinary  as  to  defy  the  imagination  of 
even  the  very  best  disaster  recovery  planners.  Of  course,  disas¬ 
ters  of  that  magnitude  are  not  the  first  place  that  CIOs  and 
other  IT  professionals  should  be  directing  their  attention. 
Instead,  they  need  to  tackle  the  rudiments. 

Consider,  for  instance,  the  case  of  the  deep-fryer.  A  consci¬ 
entious  company  enthusiastically  backed  up  its  data  on  a  daily 
basis,  a  practice  that  is  a  basic  tenet  of  data  recovery.  But  when 
the  deep-fryer  in  the  cafeteria — which  was  located  one  floor 
below  the  data  center — erupted  into  flames,  the  backup  tapes 
were  destroyed,  along  with  much  of  the  data  center.  Why? 
Because  the  company  failed  to  secure  the  tapes  at  an  offsite 
location,  another  basic  tenet  of  data  recovery. 

Here  are  some  things  to  remember  when  developing  a 
business  continuity  strategy. 

Write  it  down.  Develop  a  business  recovery  plan.  Use  docu¬ 
mented,  predetermined  procedures  and  tactics  to  restore  mission- 
critical  business  functions  and  avert  unacceptable  loss. 


Understand  vulnerabilities  and  risks.  That  requires  a  risk 
assessment — a  process  for  analyzing  the  probability  of  what  can 
happen,  what  current  business  functions  may  be  affected  and 
what  is  the  likely  affect  on  the  organization  based  on  the  length 
of  the  outage. 

Assess  the  impact.  Determine  the  amount  of  time  the  com¬ 
pany  can  afford  to  be  out  of  operation,  as  measured  in  rev¬ 
enue  as  well  as  intangibles  such  as  investor  confidence  and 
legal  implications.  The  amount  of  time  you  can  afford  to  be 
down  will  determine  the  next  step. 

Finalize  on  strategy.  While  the  amount  of  allowable  down¬ 
time  will  determine  the  strategy  for  the  most  part,  it  is  no  longer 
as  simple  as  choosing  between  “hot-site”  and  “cold-site.” 
Today’s  environments  and  capabilities  provide  a  number  of  per¬ 
mutations  of  basic  options.  Choose  the  ones  that  are  right  for 
your  organization. 

Don’t  stop  planning.  Ongoing  updating  of  plans  is 
absolutely  essential.  The  plans  should  be  regularly  tested  by 
staff  to  ensure  they  work  and  provide  an  appropriate  level  of 
protection. 

Finally,  the  very  heart  of  disaster  planning  is  balancing 
the  cost  of  protection  and  recovery  with  the  risk.  That  prin¬ 
ciple  must  be  constantly  applied  during  every  segment  of  the 
recovery  planning  process  to  ensure  that  you  invest  only  in 
what  is  essential  for  protection  and  recovery. 

Disaster  recovery  is  often  an  IT  afterthought,  yet  asking 
What  if?  today  can  prevent  you  from  wondering  Why  me? 
tomorrow.  HB 


As  senior  manager  in  Accenture's  Chicago  office,  Michael  Symmers  is 
responsible  for  the  business  continuity  and  disaster  recovery  practice. 


1  2  4 


CIO  JUNE  1,  2002 


www.cio.com 


What  does  product 
development 


mean  to 


EMC? 


“Driving  product  innovations 
like  a  startup,  getting  them  to  market 
like  a  global  leader” 

-Dave  Ellard,  Senior  Vice  President  and  CIO 

EMC  Corporation 


As  manufacturers  look  for  new  ways  to  stay  ahead,  more  and  more  are  returning  to  what  really  sets  them  apart- 
their  products.  That's  why  visionary  CIOs  like  Dave  Ellard  have  put  themselves  on  the  product  development  team.  PTC 
collaborative  product  development  solutions  have  allowed  EMC  to  cut  weeks  out  of  core  processes  and  deliver  the  next 
generation  of  storage  solutions  faster.  “Ultimately,  what  PTC  has  helped  us  do  is  make  our  entire  company  more  scalable,” 
says  Ellard,  “so  we  extend  our  leadership.”  For  more,  download  our  case  study  on  EMC  at  www.ptc.com/go/emc. 


Product  development  means  business.™ 

yD  ptc 

Shaping  Innovation 

©2002  Parametric  Technology  Corporation.  PTC  and  its  logo,  Shaping  Innovation,  Create  Collaborate  and  Control,  ProduetFirst,  and  Product 
Development  Means  Business  are  trademarks  or  registered  trademarks  of  Parametric  Technology  Corporation  or  its  subsidiaries  in  the  United 
States  and  in  other  countries.  EMC  is  a  registered  trademark  of  EMC  Corporation. 


Opinion 


Reality  Bytes 

A  Cold  Look  at  Hot  Trends 


That 

Good-Bye 

Look 

How  you  lay  people  off  says  a  lot  about 
you  and  your  organization 

BY  MEGAN  SANTOSUS 

WAS  IT  ONLY  TWO  YEARS  AGO  that  workers  seemed  to  have  all  the 
power?  Way  back  then,  with  the  economy  buzzing  like  a  bee¬ 
hive  about  to  issue  an  IPO  on  an  integrated  honeycomb  solu¬ 
tion,  your  employees  could  pick  and  choose  among  astound¬ 
ing  job  offers  and  demand — and  get — wacky  perks  (onsite  pet 
massages,  anyone?).  You  handed  them  checks  for  doing  nothing 
more  than  sticking  around  for  another  quarter.  Remember 
retention  bonuses?  Weren’t  they  fun? 

Needless  to  say,  those  flush  times  are  now  a  wistful  mem¬ 
ory.  Today,  control — if  that’s  what  you  want  to  call  hemor¬ 
rhaging  budgets  and  earnings  disappointments — is  back  firmly 
in  the  hands  of  the  employers.  And  the  employers  have  been 
laying  off  folks  in  droves. 

Despite  being  sensible  to  the  obvious  pain  felt  by  those  who 
had  lost  their  jobs,  until  recently  I  viewed  layoffs  with  a  degree 
of  equanimity,  figuring  that  the  thousands  sent  packing  by  the 
likes  of  Enron,  Kmart  and  Polaroid  were,  in  the  long  run,  bet¬ 
ter  off  finding  new  jobs — no  matter  how  long  that  took — than 
they  were  working  for  ineptly  managed  companies. 

The  closest  layoffs  had  hit  to  my  home  was  when  my  brother 


was  sent  packing  from  an  investment  company  following  Wall 
Street’s  annus  horribilis  in  2001.  While  understandably  shocked 
and  dismayed — being  called  out  of  a  Wednesday  morning  meet¬ 
ing  and  escorted  to  HR  by  a  couple  of  frozen-faced  flunkies  was 
not  his  idea  of  a  great  Humpday — he  got  over  it  relatively 
quickly.  Pretty  soon  he  was  following  up  on  promising  leads 
and  landing  interviews.  (For  one  interview,  he  was  whisked 
off  to  Scotland  for  a  day,  and  the  grateful  Scots  sent  him  a  case 
of  champagne  as  compensation  for  his  trouble.  Nice.)  He  spent 
half  his  time  networking  and  job  searching,  and  the  other  half 
doing  his  best  Bob  Vila  impersonation  with  an  overpriced  fixer- 
upper.  Within  three  months,  he  had  a  new  job  and  modern 
plumbing. 


Layoff  Lessons  Learned 

It’s  tough  to  put  a  positive  spin  on  letting  people  go.  Giving 


1  2  6 


CIO  JUNE  1,  2002 


www.cio.com 


return 


With  more  than  20  years’  experience  in  delivering  supply  chain  management  solutions, 
Manugistics  can  implement  your  company’s  solution  more  quickly  than  you  thought 
possible.  And,  of  course,  the  more  quickly  you  start  managing  costs  and  increasing  profits, 
the  more  quickly  you  get  the  return  on  investment  you  were  looking  for  in  the  first  place. 

www.manugistics.com  EXPAND  YOUR  MARGINS.™ 


manugistics 


Opinion 


Reality  Bytes 


employees  a  one-way  ticket  off  the  premises  is  never  pleasant. 
But  it  needn’t  be  cruel  either. 

When  my  brother  was  laid  off — along  with  a  couple  hundred 
of  his  coworkers — it  came  out  of  the  blue.  (Rumor  had  it  that 
management  decided  to  replace  seasoned  fund  managers  like 
him  with  fresh-faced  MBAs  who  happened  to  be  a  whole  lot 
cheaper.)  A  16-year  employee  with  a  good  performance  record, 
he  was  treated  like  a  pariah  the  minute  the  decision  was  made 
to  let  him  go.  Besides  being  publicly  summoned  to  HR  out  of 
a  meeting,  he  was  watched  while  he  packed  up  his  office  (as 
if,  inclined  to  petty  theft,  he  would  not  have  had  ample  oppor¬ 
tunity  over  those  late  nights  and  long  weekends  he  had  put  in 


on  the  job  to  pilfer  staplers  and  rubber  bands),  his  voice  mail 
was  abruptly  disconnected  as  if  he  had  never  existed,  and  he 
wasn’t  given  the  chance  to  say  good-bye  to  his  colleagues.  Nor 
were  those  colleagues  who  remained  told  who  was  let  go  or 
why,  no  doubt  filling  the  survivors’  heads  with  fear  and  uncer¬ 
tainty  over  whose  head  would  be  the  next  to  roll.  In  retrospect, 
my  brother  was  lucky.  He’s  moved  on  to  a  good  job  at  an  untar¬ 
nished  company.  His  former  colleagues  remain  stuck  in  a  quag¬ 
mire  of  sinking  morale  and  pervasive  mistrust. 

The  higher-ups  who  determined  those  layoff  practices  and 
made  those  decisions  may  have  feared  that,  afforded  the  oppor¬ 
tunity,  my  brother  would  have  bad-mouthed  them  to  his  col¬ 
leagues.  They  should  have  realized  that  their  shabby  treatment 
of  him  spoke  more  loudly  about  their  characters,  their  thought 
processes  and  their  leadership  than  anything  he  could  possibly 
have  said. 

True,  his  managers  were  most  likely  just  following  HR’s 
orders  for  the  day.  But  that  doesn’t  let  them  off  the  hook.  HR 
can  do  many  wonderful  things,  but  it  can’t  relieve  a  manager 
of  responsibility  for  discriminating  between  right  and  wrong. 
People  shouldn’t  be  robbed  of  their  dignity,  especially  someone 
who  was  a  valued  employee  just  24  hours  earlier.  It  strikes  me  as 
wrong  that  managers — who  often  bend  over  backward  to  ease 
problem  employees  out  the  door,  offering  written  warnings, 
probationary  periods  and  additional  hands-on  attention — turn 
into  robots  once  layoffs  are  decreed. 

In  addition  to  being  nasty  and  juvenile,  the  treatment  my 
brother  received  is  simply  bad  business.  Layoffs  are  always 
preceded  by  weeks,  even  months,  of  rumor.  During  that  period 
of  dread,  employees  devote  a  considerable  portion  of  their  days 


to  speculating,  gossiping  and  staring  balefully  into  space.  It 
would  have  been  a  whole  lot  better  for  morale  and  productiv¬ 
ity  to  have  given  the  workforce — if  not  the  individual  employees 
pegged  for  downsizing — advance  notice  that  the  layoffs  were 
in  the  offing. 

The  danger  with  being  honest  and  up  front  with  employees  is 
that  some  of  them  won’t  wait  for  the  ax  to  fall.  Once  they  get 
wind  of  what’s  going  on,  they’ll  hit  the  road  for  better  prospects. 
But  that’s  a  risk  companies  have  to  take.  Employees  have  the 
right  to  make  a  living,  to  seek  the  best  opportunities  for  them¬ 
selves.  Unless  an  employer  can  guarantee  a  lifetime  of  exciting 
assignments,  steady  promotions  and  plentiful  pay  raises,  hon¬ 
esty  really  is  the  best  policy. 

And  as  with  all  things  cyclical,  the 
time  will  come  again  when  companies 
compete  fiercely  over  hard-to-find  tal¬ 
ent.  (Onsite  pet  massages,  however,  may 
not  return  in  our  lifetime.)  Many  of 
those  employees  left  behind  at  my 
brother’s  company,  who  witnessed  200 
of  their  colleagues  carted  away  as  if  they  were  one  of  America’s 
Most  Wanted,  likely  have  updated  resumes  on  hand  and  head¬ 
hunters  on  speed  dial,  just  waiting  for  the  day  when  the  econ¬ 
omy  picks  up.  Given  the  first  chance  to  move  on,  many  will. 
And  his  former  company  will  need  plenty  of  luck,  not  to  men¬ 
tion  ready  cash,  to  fill  their  shoes  with  strong  recruits.  In  the 
end,  the  money  the  company  hoped  to  save  by  trimming  expe¬ 
rienced  employees  will  be  spent  recruiting  and  hiring  compe¬ 
tent  people  in  the  future.  Sounds  like  a  zero-sum  game  if  I’ve 
ever  heard  one. 

One  good  thing  that  may  come  out  of  this  current  downslide 
is  a  healthy  hit  of  realism.  The  power  we  thought  we  had  over 
our  employers  was  just  an  illusion.  Whoever  pays  the  bills 
makes  the  rules.  At  times,  the  rules  seem  indulgent  and  tipped  in 
favor  of  employees,  but  that’s  a  dangerous — and  fleeting — sit¬ 
uation.  In  a  capitalist  society,  none  of  us  is  entitled  to  lifetime 
employment;  we  have  to  earn  our  own  keep  by  producing,  hon¬ 
ing  and  sharpening  our  skills,  and  remaining  alert  to  the 
vagaries  and  possibilities  of  whatever  market  in  which  we  find 
ourselves.  We  can’t  be  lulled  by  seemingly  beneficent  employ¬ 
ers  or  allow  our  expectations  to  get  out  of  line.  Many  of  those 
who  have  fallen  victim  to  the  downslide  are  suffering  all  the 
more  because  they  suspect  that  their  earning  potential  peaked 
two  years  ago  and  sadly  for  them,  they’re  probably  right. 
Hopefully  we’ll  remember  those  lessons  when 
the  next  uptick  comes  around.  0E3 


Do  you  have  any  thoughts  about  the  right  way  to  han¬ 
dle  layoffs?  Share  them  with  Senior  Editor  Megan 
Santosus  at  santosus@cio.com. 


HR  can  do  many  wonderful  things,  but  it  can’t 
relieve  a  manager  of  responsibility  for  discriminating 
between  right  and  wrong. 


12  8  CIO  JUNE  1,  2002 


www.cio.com 


corner 


energy  &  power  •  industry  &  automation  •  information  &  communication  •  medical  systems  &  healthcare  •  financing  •  lighting  •  transportation 


*Pr3-  tfx  mw® 


n- 


Business  is  no  longer  confined  by 
four  walls.  Today,  people  need  to  access 
and  exchange  information  -  anytime,  anywhere.  Thanks  to  Siemens 
Next  Generation  Internet  solutions,  they  can.  From  cellular  phones  to 
business  communication  systems  to  optical  networks,  we  provide  the 
tools  that  make  Mobile  Business  a  reality.  As  a  leader  in  everything 
from  information  and  communications,  to  healthcare  to  industry  and 
automation,  Siemens  is  in  a  unique  position  to  make  all  our  lives  better. 
When  you  have  460,000  minds  working  together  all  around  the  globe, 
including  85,000  right  here  in  the  U.S.,  innovative  solutions  emerge. 
And  that’s  what  it  takes  to  change  the  world. 


SIEMENS 


Global  network  of  innovation 


Visit  the  Siemens  booth  #23322  at  SUPERCOMM  to  learn  how  you  can  profit  with  our  next-generation  solutions 

ft  >  Siemens  Corporation,  2002  www.usa.siemens.com 


Opinion 


From  the  Publisher 

gbeach@cio.com 


Put  on  Your 
Sales  Hat 

A  SALES  REPRESENTATIVE  of  a  major  storage  vendor  was  having  dif¬ 
ficulty  getting  a  meeting  with  the  CIO  of  a  national  drugstore 
chain.  All  efforts  failed  until  he  came  up  with  a  game  plan  to 
visit  with  the  managers  of  20  stores  in  the  chain.  He  theorized 
that  the  store  managers  were  actually  the  customers  of  the 
chain’s  CIO.  He  was  right.  The  visits  unearthed  a  major  stor¬ 
age  problem  that  the  CIO  was  unaware  of,  leading  the  salesman 
to  get  a  visit  with  the  CIO.  A  big  contract  followed. 

Salespeople  are  paid  to  craft  innovative  ways  to  sell.  But  what 
about  you?  How  good  a  salesperson  are  you? 

Get  out  your  PDA  and  look  at  the  past  year.  How  much 
time  did  you  spend  in  the  market  with  cash-paying  customers? 
Probably  very  little. 

F.  Warren  McFarlan,  senior  associate  dean  at  the  Harvard 
Business  School,  told  the  audience  at  February’s  CIO  Enterprise 
Value  Retreat  about  a  CIO  who  spends  25  percent  of  his  time  in 
the  field  with  customers.  That’s  one  quarter  of  his  time — one 
entire  week  per  month! 

The  power  of  customer  conviction — and  the  power  of  new 
ideas  on  how  to  serve  customers  better — is  the  byproduct  of  vis¬ 
iting  customers  regularly. 

When  you  meet  face-to-face  with  customers,  you  have 
an  opportunity  to  really  understand  their  concerns  and  pref¬ 


erences.  Ask  customers  what  they  worry  about.  Ask  them 
what  they  would  like  your  company  to  start  doing,  stop 
doing  and  continue  doing  to  serve  them  better.  Ask  them 
how  much  they  know  about  your  company,  its  values  and  its 
other  customers. 

If  they  know  very  little  about  your  company,  its  products  and 
its  strategies,  it  would  not  take  much  for  them  to  switch  to 
your  competition. 

Getting  in  touch  with  your  customers  can  also  help  you  do 
your  own  job  better.  Want  to  get  your  frozen  budgets  approved 
for  the  rest  of  2002?  Preface  your  monthly  presentation  to  your 
management  team  with  how  the  proposed  IT  investments  will 
serve  customers  better.  Frame  your  comments  in  the  customers’ 
voice,  not  yours.  Position  yourself  and  the  IT  department  as  cus¬ 
tomer  advocates. 

Customers — and  prospective  customers — are  the  most  valu¬ 
able  asset  on  your  company’s  balance  sheet.  Make  getting  out  in 
the  field  to  visit  with  them  an  important  part  of  your  job  as 
well  as  that  of  your  staff.  Customers — not  the  CFO — will  show 
you  the  surest  way  to  enhance  your  company’s  shareholder 
value. 

Call  one  today. 


13  0  CIO  JUNE  1 


2002 


www.cio.com 


PHOTO  BY  WEBB  CHAPPELL 


AT  LEAST  ONE  BELONGS 
IN  EVERY  HOME. 


— — 


— — — 


___ — - — - -  ~~ 


tctv ./'  -I V. 


sag 


FREE  CD  CASE 
Order  before 
June  30,  2002. 


THE  BOSE  WAVE  RADIO/CD,  THE  MOST  HIGHLY  REVIEWED  "RADIO"  REGARDLESS 
OF  SIZE  OR  PRICE.  The  Wave®  radio/CD  delivers  so  much  more  than  you’d  expect  from  a 
radio.  Of  course,  there’s  the  famous  Bose  sound,  made  possible  by  acoustic  waveguide  speaker 
technology  developed  by  Bose,  the  most  respected  name  in  sound. 

Then  there’s  tire  petite  package  and  refreshingly  easy  operation.  And  the  versatility. 
Connect  one  to  your  TV  for  a  new  dimension  in  sound.  Plug  another  into  your 
computer  to  enhance  music  and  games.  Add  another  to  your 
bedroom  and  awaken  to  your  favorite  station  or  CD. 

No  matter  where  you  listen,  or  what  programming  you  listen  to, 
in  the  first  minute  you  will  know  why  Forbes  FYl  magazine  includ- 


TRY  IT  IN  YOUR 
OWN  HOME 
AND  YOUR  EYES 
WON’T  BELIEVE 
YOUR  EARS. 


ed  die  Wave®  radio  in  its  list  of  “100  Things  Worth  Every  Penny.  ” 

Our  30-day  in-home  trial  makes  it  easy  to  audition  die  Wave®  radio/CD 
now.  (Or,  choose  die  Wave®  radio  widiout  the  CD  player.)  Satisfaction  is  guar¬ 
anteed.  Take  advantage  of  our  installment  plan  which  lets  you  make  12  low 
interest-free  monthly  payments*  Order  before  June  30,  2002  and  receive 
a  free  Bose  CD  carrying  case  that  holds  24  CDs.  Audition  a  Wave®  radio/CD, 
and  we  diink  you’ll  add  at  least  one  more  to  your  home,  too. 


Call  now 

1-800-836-6754  ext.T94l0 

For  information  on  all  our  products:  wrvw.bose.com/t94l0 


Specify  color  when  ordering: 

Wave*  radio/CD:  QPlatinum  White  □Graphite  Gray 
Wave*  radio:  □Platinum  White  □Graphite  Gray 


Name 


Street 

City 

State  Zip 

Day  Phone  ( 

)  Eve.  Phone  (  ) 

Better  sound  through  research  » 

Mail  to:  Bose  Corporation,  Dept.  CDD-T9410,  The  Mountain,  Framingham,  MA  01701-9168 

©2002  Bose  Corporation  Patent  rights  issued  and/or  pending.  The  Wave"  radio  design  is  also  a  registered  trademark  of  Bose  Corporation.  ‘Installment  payment  plan  and  free  CD  case  offer  not  to  be  combined  with  any  other 
offer  or  applied  to  previous  purchases.  Payment  plan  available  on  credit  card  orders  only  and  subject  to  change  without  notice.  Quote:  Forbes  FYl.  Winter  1999. 


Ask  the  Expert 

Advice  from  People  Who  Know 


Courts  Say 

Its  OK: 

Peep  Away 

Ken  Segarnick,  former  assistant  general  counsel  for 
West  Chester,  Pa. -based  United  Messaging, 
answers  readers’  questions  about  the  legal 
consequences  of  electronic  monitoring 

Q:  What  rights,  if  any,  does  an  employee  have  in  protecting 
his  privacy  in  the  workplace? 

A:  When  it  comes  to  workplace  e-mail,  courts  have  tended 
to  reject  privacy  claims  based  on  employer  monitoring.  A 
handful  of  courts  have  held  that  an  employee  does  not  have  a 
reasonable  expectation  of  privacy  in  e-mail  communication 
made  over  a  company  e-mail  system — leaving  employees 
with  little  recourse  against  employers  that  snoop  through 
their  e-mail.  One  federal  court  went  so  far  as  to  say  that  an 
employee  has  no  reasonable  expectation  of  privacy  in  his 
workplace  e-mail  even  when  a  company  assures  him  that 
such  communications  will  not  be  intercepted. 

One  thing  is  clear,  however:  A  court  is  highly  unlikely  to 
conclude  that  an  employee  has  a  reasonable  expectation  of 
privacy  in  his  e-mail  communications  when  the  employer  has 
a  policy  clearly  stating  that  such  communications  are  subject 
to  monitoring.  As  such,  employers  are  free  to  monitor  their 
employees’  use  of  their  networks  so  long  as  the  company  does 
not  violate  labor  and  antidiscrimination  laws — for  example, 
by  targeting  union  organizers  or  minorities. 


Q:  My  company  has  a  policy  that  restricts  the  use  of  company 
e-mail  accounts  for  personal  use.  Can  the  company  access  my 
personal  AOL  account  if  I  use  its  computer  and  Internet  con¬ 
nection  to  check  e-mail? 

A:  Court  decisions  that  have  upheld  an  employer’s  right  to 
monitor  employee  e-mail  seem  to  center  on  the  fact  that 
the  messages  are  accessed  through  and  stored  on  com¬ 
pany-owned  computer  resources.  The  fact  that  the  mes¬ 
sages  may  come  from  a  “personal”  account,  such  as  Hot¬ 
mail  or  AOL,  would  not  likely  alter  the  rationale  of  these 
decisions,  unless,  of  course,  a  company  policy  expressly 
states  otherwise. 

For  instance,  in  a  recent  Texas  appellate  court  decision,  the 
court  held  that  an  employee  did  not  suffer  an  invasion  of  pri¬ 
vacy  when  his  employer  reviewed  and  disseminated  e-mail 
messages  that  were  stored  in  a  “personal  folders”  application 


13  2  CIO  JUNE  1,  2002 


www.cio.com 


ILLUSTRATION  BY  WHITNEY  SHERMAN 


wonr.Gmii 
/?  mo 


r. 


CrF-T JO  FFFGGVFFJ 
\  FfFTFF 


IBM  LIFE  SCIENCES  AND  OUR  BUSINESS  PARTNERS  OFFER  SERVER  AND  STORAGE 
SOLUTIONS  TO  HELP  ACCELERATE  GENOMIC  AND  PROTEOMIC  RESEARCH  AND 
DRUG  DISCOVERY. 

IBM  (©server  Solutions.  From  the  high-performance  IBM  (^server  pSeries  690  to  the  IBM  (©server 
Cluster  1300  running  Linux,  IBM  servers  deliver  self-managing  technology  that  allows  multi-platform 
accessibility  and  the  flexibility  to  select,  build  and  deploy  a  range  of  applications. 


IBM  TotalStorage™  Products.  IBM  offers  the  broadest  portfolio  of  high-performance  storage 
products  -  tape,  disk,  storage  networking  and  management  software  -  designed  to  provide  high 
availability  and  an  open,  scalable  and  flexible  infrastructure  for  growing  data-intensive  environments. 

To  get  a  free  “Protein  Folding”  screensaver,  visit  ibm.com/solutions/lifesciences/servers6 


Ask  the  Expert 


on  his  office  computer.  Notably,  the  court’s  analysis  honed  in  on 
the  misconception  that  an  employee’s  personal  workstation  is 
the  equivalent  to  his  personal  property. 

Following  the  rationale  of  that  Texas  court,  it  appears  to 
make  no  difference  whether  the  employer  was  monitoring  mes¬ 
sages  stored  on  the  computer  from  a  work  e-mail  account  or 
a  personal  e-mail  account.  An  employee  would  not  have  a 
reasonable  expectation  of  privacy  in  the  contents  of  any  appli¬ 


cation  or  file  stored  on  a  company-owned  computer.  Because 
your  company  has  expressed  prohibition  against  personal  use 
of  e-mail,  you  would  be  well-advised  to  refrain  from  using 
the  company’s  computer  and  Internet  connection  to  access 
your  personal  messaging  account. 


by  its  employees.  Therefore,  an  employer  who  endeavors  to 
institute  policies  and  procedures  to  prevent  and  correct  dis¬ 
criminatory  or  harassing  behavior,  for  example,  will  have  an 
affirmative  defense  available  against  an  action  brought  under 
the  theories  of  vicarious  liability  or  negligent  supervision.  To 
foster  this  preemptive  strike,  many  companies  have  decided  to 
institute  various  forms  of  computer  monitoring  programs,  rang¬ 
ing  from  content-filtering  to  keystroke  monitoring.  Statistics 

show  that  the  share  of  major  U.S.  com¬ 
panies  checking  employee  e-mail  mes¬ 
sages  has  jumped  from  14.9  percent  in 
1997  to  46.5  percent  in  2001,  accord¬ 
ing  to  a  survey  conducted  by  the 
American  Management  Association. 
Currently,  the  case  law  on  this  point  has 
resolved  the  debate  in  the  company’s 
favor,  leaving  employees  with  little 
recourse  against  employers  that  snoop 
through  their  e-mail.  Flowever,  exces¬ 
sive  monitoring  may  sometimes  lead  to 
a  higher  standard  of  care.  Therefore,  it  may  be  preferable  for 
your  company  to  reserve  the  right  to  monitor  e-mail  at  any  time 
and  without  further  notice,  while  focusing  actual  monitoring  on 
investigations  or  suspicion  of  e-mail  system  misuse. 


It  may  be  preferable  for  your  company  to 
reserve  the  right  to  monitor  e-mail  at  any  time 
and  without  further  notice,  while  focusing  actual 
monitoring  on  suspicion  of  misuse. 


Q:  It  seems  as  though  companies  will  get  sued  for  a  hostile 
workplace  if  they  don’t  monitor  employees’  e-mail  and  will 
get  sued  for  privacy  invasion  or  bias  if  they  do  monitor  it!  In 
your  opinion,  which  course  of  action  is  the  most  prudent? 

A:  While  the  burgeoning  risks  associated  with  e-mail  con¬ 
tinue  to  emerge  in  today’s  information  society,  the  trigger 
point  for  an  employer’s  liability  stems  from  a  longstanding 
legal  principle — the  Respondeat  Superior  doctrine,  which 
imposes  liability  on  employers  for  the  misconduct  of  their 
employees  when  it  occurs  in  the  scope  of  their  employment. 

An  employer  may  also  be  directly  liable  for  damages  re¬ 
sulting  from  the  negligent  super¬ 
vision  of  its  employee’s  activities. 
Under  this  theory,  the  employer’s 
liability  is  direct,  not  vicarious  (as 
under  Respondeat  Superior),  and 
the  employer’s  duty  of  care  may 
extend  to  actions  outside  the 
scope  of  employment. 

In  order  to  take  a  preemptive 
strike  at  those  forms  of  liability, 
an  employer  must  exercise  rea¬ 
sonable  care  to  prevent  the  harm 
that  could  potentially  be  caused 


cio.com _ 

ASK  THE  EXPERT 

Have  a  question  about 
intrusion  detection?  Post  your 
questions  for  Paul  Proctor, 
senior  vice  president  with  NFR 
Security,  through  June  15  at 
www2.cio. com/CIO/expert 
or  e-mail  questions  to 
asktheexpert@cio.com. 


Q:  I  am  writing  a  best  practices  document  for  internal  e-mail 
distribution.  Is  there  a  public  policy  or  guideline  so  that  I  don’t 
have  to  create  one  from  scratch? 

A:  I  have  seen  a  number  of  articles  on  e-mail  dos  and  don’ts 
that  set  forth  guidelines  that  require  e-mail  users  to  be  con¬ 
cise,  stop  and  think  before  sending  a  message,  avoid  e-mail 
threads,  limit  the  use  of  ALL  CAPS  and  limit  distribution  lists. 
Michael  Overly’s  E-policy:  How  to  Develop  Computer,  E- 
mail,  and  Internet  Guidelines  to  Protect  Your  Company  and 
Its  Assets  (Amacom,  1998)  is  a  great  resource  for  exploring 
issues  of  e-mail  etiquette  and  policy  development. 

Flowever,  I  would  not  give  up  on  the  idea  of  creating  a  pol¬ 
icy  from  scratch.  Currently,  there  is  no  such  thing  as  an  iron¬ 
clad  policy  that  will  safeguard  employers  from  areas  of  expo¬ 
sure  and  risk.  The  entire  concept  of  an  e-mail  policy  remains 
in  its  embryonic  stage,  while  employers  are  becoming  increas¬ 
ingly  embroiled  in  litigation  stemming  from  misuse  of  work¬ 
place  e-mail.  Given  the  patchwork  of  inconsistent  rules  that  cur¬ 
rently  extend  to  e-mail  in  the  workplace,  the  safest  course  for 
businesses  today  is  to  assess  their  own  electronic  infrastructure 
and  work  environment,  and  tailor  messaging  policies  to  their 
particular  business  needs,  rasi 


To  recommend  an  expert  for  this  column  or  suggest  a  topic,  contact 
Senior  Editor  Daintry  Duffy  at  dduffy@cio.com. 


134  CIO  JUNE  1,  2002  • www.cio.com 


YOU  NEED  TO  GET  SMART  FAST 


What  if  the  unthinkable— a  security  breach— happens?  What 
measures  can  you  put  in  place  to  limit  damage  and  get  your 
systems  back  online  as  quickly  as  possible?  Who  should  you 
talk  to-and  when?  Turn  to  the  CIO  FOCUS™  on  SECURITY 
INCIDENT  PLANNING:  HOW  TO  PREPARE  TO  RESPOND 
AND  RECOVER— actionable  information  created,  filtered  and 
packaged  by  the  award-winning  editors  of  CIO  magazine. 

CIO  FOCUS™  is  delivered  right  to  your  desktop,  giving  you 
immediate  access  to  the  information  you  need.  And  for  your 
future  reference  needs,  the  electronic  file  is  followed  by  a 
packaged  version,  shipped  within  72  hours. 


CIO  FOCUS" 


STRATEGIC  GUIDES  FOR  EXECUTIVE  DECISION  MAKING 


CIO  FOCUS™ 

TOPICS  AVAILABLE: 

IT  Value:  Measurement  Tools 
and  Techniques  That  Work 

Fundamentals  of  the  CIO  Role 

Security  ASAP:  How  to  Be 
As  Safe  As  Possible 

Applied  Wireless:  Making 
Wireless  Work  in  Business 

■>  Strategic  Planning:  How  to 
Develop  and  Align  IT  Strategy 

Fundamentals  of  Enterprise  IT 


FOR  EXECUTIVE  DECISION  SUPPORT  TOOLS,  VISIT  THE  CIO  STORE-THE  CIO’S  KNOWLEDGE  MARKETPLACE 

www.theCIOstore.com 


Career  Counsel 

Mark  Polansky  Offers  Advice  to  Aspiring  CIOs  and  IT  Managers 


Two-Stepping 

to  a  New 

Q.  I  am  in  my  16th  year  as  a  computer  professional  and  currently 
serve  as  manager  of  IS  for  a  very  successful  beverage  distribu¬ 
tor.  My  dilemma  is  twofold.  The  company  is  old-fashioned— it  has 
pay  scales  and  increases  them  slowly.  Mine  is  approximately 
30  percent  below  the  low  end  of  the  average.  How  do  I  properly 
continue  to  emphasize  that  my  staff  and  I  are  grossly  underpaid? 

The  second  issue  is  the  company’s  executive  structure,  which 
changed  about  nine  months  ago.  I  now  report  to  the  vice  presi¬ 
dent  of  administration  and  information.  He  has  no  background 
in  and  very  little  knowledge  of  IT.  My  position  is  considered  to 
be  part  of  executive  management  at  the  director  level,  and  my 
job  functions  are  those  of  a  CIO.  How  do  I  handle  the  new  polit¬ 
ical  struggle  that’s  shaping  up? 

A:  Your  first  question  regarding  salary  is  quite  simple  and  direct. 
If  you  are  certain  that  management  is  aware  that  its  IS  profes¬ 
sionals  have  been  historically  underpaid  at  compensation  lev¬ 
els  significantly  below  market,  and  you  have  done  your  very 
best  to  change  that,  then  you  and  your  staff  must  vote  with  your 
feet  and  either  stay  or  go.  Your  portrayal  of  the  situation  tells 

136  CIO  JUNE  1,  2002  •  www.cio.com 


me  that  your  company  does  not  really  value  IT — or  you  and 
your  staff — as  highly  as  it  should  and  is  therefore  willing  to 
risk  turnover  to  avoid  raising  salaries.  That  reality,  plus  your 
new  boss  with  his  position  in  the  organization  and  a  title  that 
belie  your  presumed  chief  strategic  role,  adds  up  to  an  under¬ 
paid  and  underappreciated  IS  department  and  manager.  If  you 
truly  have  the  qualifications  and  experience  of  a  CIO,  my  vote 
is  for  you  to  walk. 

< 

3 

READING  THE  SIGNALS  1 

Q.  I  am  currently  a  vice  president  of  applications  development.  | 

O 

I  have  an  MBA  from  a  top-tier  B-school  and  17  years  of  profes-  ^ 

-  m 

sional  experience  including  software,  hardware,  operations,  tele-  z 

O 

com  and  project  management.  I  have  managed  organizations  5 

cr 

as  large  as  110  people.  We  lost  our  CIO/CTO  several  months  £ 
ago.  I  believe  I  am  the  most  qualified  candidate  and  have  d 


Web  Services:  Fact  or  Fiction? 
Well  Tell  You  What  The 


Hype-Meisters  Won’t. 

Web  Services  pioneers  expose  some  of  the 
big  myths  behind  this  IT  trend. 


Associate  Partner 


Accenture 


A  service  of  ITworld.com  and  CXO  Media 

j/  /  ■ 


@ 


Sponsored  by: 


bowstreet 


Frank  Moss 

Chairman  and 
Co-Founder 


Bowstreet 


Gary  Beach 
Group  Publisher 
CXO  Media  Inc. 


Patricia  Seybold 
Founder  and  CEO 
Patricia  Seybold  Group 


Joseph  L.  Kennedy 
Principal 

State  Street  Global 
Advisors 


Pay  No  Attention 
to  That  Man 
Behind  the  Curtain: 


Discussion  Topics 

•  Are  Web  Services  the  cure  for  virtually  every  IT  ill? 

•  What  are  the  most  over-hyped  Web  Services 


controversies? 


•  What  do  you  need  to  know  before  you  implement 
Web  Services? 


What  the  Hype-Meisters  of 
Web  Services  Aren't  Telling  You 


What  are  the  potential  pitfalls  and  how  can  you 
avoid  them? 


GO 


•  What  are  the  hidden  opportunities  behind  Web 
Services? 


Tune  in  now  to  discover  the  real  business  and  IT  benefits  behind 
Web  services  and  how  you  can  get  started  today. 


www.itworld.com/bowstreetad 


Brought  to  you  by: 


@ 


bowstreet 


CIO 


Career  Counsel 


expressed  my  interest  in  the  position.  However,  I  am  not  con¬ 
sidered  a  candidate.  1  asked  for  feedback  on  the  decision  and 
have  received  nothing  tangible,  although  the  feedback  from  the 
executive  team  on  my  performance  is  glowing.  I  feel  as  though 
I  will  never  be  considered  for  the  CIO/CTO  role  as  an  insider. 
Worse,  I  feel  it  would  be  too  difficult  to  explain  to  future  employ¬ 
ers  why  I  have  been  passed  over  for  that  role.  It  looks  like  I  must 
leave  the  company,  and  before  the  new  CIO/CTO  is  found.  Any 
thoughts? 

A:  Your  background  seems  to  be  well-rounded  in  terms  of 
academic  credentials  and  your  technically  diverse  experi¬ 
ences  covering  the  gamut  of  IT.  On  paper  you  seem  to  be 
well-prepared  for  a  CIO  opportunity.  I  applaud  your  direct 
effort  to  get  senior  management  to  share  their  perspective 
with  you,  but  you  said  that  nothing  negative  came  up.  So 
what  did  they  say  when  you  asked  why  you  weren’t  being 
considered  for  the  job?  Perhaps  it’s  a  personality  or  chem¬ 
istry  issue — but  if  so,  why  no  feedback?  Or  perhaps  the 
executive  team  simply  does  not  perceive  you  as  the  right 
guy  for  the  job,  or  the  right  guy  yet ,  considering  your  rela¬ 
tive  youth.  But  again,  why  no  feedback?  If  you  are  honestly 
certain  that  you  are  CIO  material  now  and  have  obtained 
reliable  and  trusted  third-party  confirmation  of  that,  then 
it  probably  is  time  to  move  on. 

The  timing  of  your  move  is  not  critical,  but  sooner  rather 
than  later  is  probably  better.  That  said,  it  is  generally  easier  to 
find  a  good  job  while  you  are  still  employed,  so  weigh  your 
decision  carefully.  In  either  case,  whether  you  leave  before  or 
after  the  next  CIO  arrives,  and  whether  or  not  you  leave  with 
your  next  gig  in  hand,  talk  to  management  before  you  resign. 
Let  them  know  how  you  feel  and  ask  to  negotiate  a  graceful  and 
financially  advantageous  (for  you!)  exit  based  on  their  unwill¬ 
ingness  to  consider  you  as  a  candidate  for  the  CIO  position. 
Last,  don’t  overlook  a  great  number-two  job  with  a  promising 
future. 

WRONG  MOVE? 

Q.  I  have  been  on  a  new  job  for  two  weeks  and  am  in  the  process 
of  relocating  my  family  halfway  across  the  United  States.  The 
company  is  now  asking  everyone  to  voluntarily  take  a  10  per¬ 
cent  pay  cut  and  take  unpaid 
time  off.  Should  I  sacrifice  and 
play  the  corporate  citizen  or 
decline  to  participate  in  these 
cost-saving  efforts? 

A:  The  answer  to  your  ques¬ 
tion  depends  on  if  you  really 
want  to  give  your  new  oppor¬ 


tunity  its  best  chance  of  success.  In  this  challenging  business 
environment  many  organizations  are  experiencing  economic 
conditions  that  dictate  prudent  fiscal  action,  be  it  in  the  form  of 
expense  elimination,  head  count  reduction,  staff  furloughs  or 
salary  cuts.  In  that  case,  a  voluntary  and  uniform  percentage 
cut  in  pay  is  an  interesting  way  of  getting  everyone  to  rally 
around  the  cause  in  an  inclusive  way.  But  there’s  no  avoiding 
the  inevitable  “good  or  bad  citizen”  consequence  of  individ¬ 
ual  cooperation  that  has  caused  you  to  stop  and  think  about 
your  response.  Although  that  kind  of  monetary  teamwork 
cuts  very  close  to  home,  let  your  sensibility  guide  you  and 
hope  that  your  “investment”  rather  than  your  “sacrifice”  pays 
dividends.  If  the  return  doesn’t  materialize  in  due  time,  write 
your  investment  off  and  move  on. 

LEAPING  OP 

Q.  I  am  currently  director  of  IS  for  a  small  $160  million  manu¬ 
facturing  company.  I  report  directly  to  the  CEO  and  have  the 
responsibilities  of  a  CIO.  I  recently  discovered  some  serious 
ethical  issues  with  our  vice  president  of  finance  and  brought 
them  to  the  attention  of  the  CEO.  He  shrugged  them  off.  I  know 
I  need  to  find  another  position  and  have  been  looking.  However, 
most  vice  president  or  CIO  positions  I’ve  been  looking  at  require 
experience  from  much  larger  companies  than  the  one  where  I’m 
currently  employed.  How  do  I  make  the  leap  when  I  know  my 
background  and  education  are  up  to  the  task? 

A:  You  are  correct  in  assessing  your  compelling  need  for  a 
change  of  venue,  based  on  the  disreputable  corporate  behavior 
you  have  uncovered.  As  to  your  job  search  perplexity,  there 
are  basically  two  ways  to  get  to  the  top  IS  position  in  a  large 
company.  First,  you  can  make  a  lateral  move  at  the  CIO  level, 
or  a  series  of  such  lateral  moves  up  the  scale  at  increasingly 
larger  environments  in  which  you  are  professionally  challenged 
but  not  overwhelmed  until  you  arrive  at  your  goal.  The  alter¬ 
native  approach  is  to  ascend  the  organizational  ladder  from 
within  a  very  large  enterprise  by  starting  from  a  lower  posi¬ 
tion  such  as  project  director  or  applications  manager.  For  some¬ 
one  who  has  already  served  as  a  small-shop  CIO,  the  choice 
of  strategy  may  be  based  on  your  sensitivity  to  trading  off  your 
current  top  dog  status  for  the  advantages  of  acquiring  big  com¬ 
pany  experience,  rara 


Mark  Polansky  is  a  managing  director  and  member  of  the  advanced  tech¬ 
nology  practice  of  Korn/Ferry  International  in  New  York 
City.  He  is  also  the  chairman  of  the  Greater  New  York 
Chapter  of  the  Society  for  information  Management.  The 
Web-based  Executive  Career  Counselor  column  is  edited 
by  Web  Research  Manager  Kathleen  Kotwica.  She  can 
be  reached  at  kkotwica@cio.com. 


cio.com 

Have  a  career  question? 

Visit  our  website  at 
www.cio.com/executive/ 
counselor.html  and  pose  your 
own  questions. 


13  8  CIO  JUNE  1,  2002 


www.cio.com 


PHOTO  BY  ANDRE  S0UR0UJ0N 


THE  FOURTH  ANNUAL 


Leadership  and  Innovation  for  the  Future  of  the  Integrated  Enterprise 


AUGUST  18-20,  2002  ■  THE  BROADMOOR  ■  COLORADO  SPRINGS,  COLORADO 


Join  your  CIO  peers  and  industry  experts  as  we... 

•  Explore  how  integration  creates  competitive  advantage 

•  Redefine  leadership  -  and  the  role  of  IT  -  in  the  next  business  epoch 

•  Target  the  emerging  technologies  that  will  change  your  business 

•  Share  lessons  learned  and  best  practices 


SYMPOSIU 


AUGUST  18-20,  2002  ■  THE  BROADMOOR  ■  COLORADO  SPRINGS,  COLORADO 


Leadership 


n  n  o 


Acxiom  Corporation 


Day  Software,  Inc. 

EDS 

Hewlett-Packard 
Novell,  Inc. 

PeopleSoft,  Inc. 

Sterling  Commerce,  Inc, 
SupportSoft,  Inc. 

This  year’s  CIO  100  Awards 
Ceremony  is  proudly 
underwritten  by 

PeopleSoft, 


SUNDAY,  AUGUST  18 

8:00  AM  -  1:30  PM 

Golf  Tournament 

Tee  up  with  CIO  and  our  Corporate 
Partners  on  The  Broadmoor’s  West 
Course,  designed  by  Robert  Trent 
Jones,  and  known  for  its  challenging, 
steeply-angled  greens. 

3:00  PM  -  5:00  PM 

Registration 

6:00  PM  -  7:30  PM 

Cafe  100  Reception 

Meet  and  network  with  other  partici¬ 
pants,  Award  honorees  and 
Symposium  Partners  in  our  informal 
networking  environment. 

MONDAY,  AUGUST  19 

7:00  AM  -  8:00  AM 

Registration  &  Breakfast 

8:00  AM  -  8:15  AM 

Conference  Welcome 

ABBIE  LUNDBERG 
Editor  in  Chief, 

CIO  Magazine 

8:15  AM  -  9:00  AM 

Future  Forewarned 

PAUL  SAFFO, 

Conference  Moderator 
Director  and  Roy  Amara 
Fellow,  Institute  for  the 
Future 

What  business  and  technology  devel¬ 
opments  will  have  the  most  impact 
on  CIOs  in  the  year  to  come?  Saffo 
shares  his  choices  and  why  he  thinks, 
these  are  the  key  ones  to  look  out  for. 


9:00  AM  -  9:45  AM 

The  Leadership  Challenge  of 
Integration 

CHERRI  MUSSER 
Information  Officer, 
eGM  -  Onstar,  General 
Motors 

9:45  AM  -  10:15  AM 

Innovation,  Leadership  and 
Integration 

CRAIG  CONWAY 
CEO,  PeopleSoft,  Inc. 

10:15  AM  -  10:45  AM 

Mid-Morning  Break 

10:45  AM  -  11:30  AM 

Supply  Chain  Lessons  Learned 
from  the  High-Tech  Implosion 

BUD  MATHAISEL 

Corporate  Vice  President  &  CIO, 

Solectron 

Inventory  write-offs  have  been  in  the 
billions  of  dollars.  This  has  been  a 
financial  problem  for  high-tech  com¬ 
panies,  and  a  particular  embarrass¬ 
ment  for  those  companies  with 
vaunted  Internet. connections  to  their 
suppliers  and  customers.  What  went 
wrong?  Was  it  the  systems,  process¬ 
es,  people  or  incentives  that  failed? 
Does  a  risk-based  approach  towards 
supply  chain  management  have 
potential?  Mathaisel  presents  his 
perspective  and  a  framework  for 
helping  to  prevent  the  reoccurrence 
of  this  expensive  set  of  mistakes. 

11:40  AM  -  12:25  PM 

Industry  Briefings 

Our  corporate  partners  present  case 


studies  and  sessions  on  deploying 
the  latest  technologies  and  services. 

12:30  PM  -  1:15  PM 

Industry  Briefings 

1:15  PM  -  2:45  PM 

Working  Luncheon:  Special 
Presentation  on  Security  and 
Privacy 

This  session  is  produced  in  coopera¬ 
tion  with  the  National  Critical 
Infrastructure  Assurance  Office 
(CIAO)  in  the  US  Department  of 
Commerce. 

2:45  PM  -3:00  PM 

Corporate  IT  Spending  Trends  — 

Where  Are  They  Headed? 

GARY  BEACH 
Group  Publisher, 

CXO  Media  Inc. 

The  CIO  Magazine  Tech 
Poll™  was  created  by  CIO 
magazine  in  August  2000  in  associa¬ 
tion  with  Deutsche  Banc  Securities  and 
Dr.  Ed  Yardeni,  Chief  Investment  Strate¬ 
gist,  Prudential  Securities,  Inc.  The  poll 
is  proving  to  be  an  accurate  indicator  of 
technology  spending  trends.  Beach 
presents  an  overview  of  latest  results. 

3:00  PM -4:00  PM 

Ethics  of  Data  Management 

We  discuss  the  ethical  dilemmas  that 
arise  around  the  collection  and  disposal 
of  customer  and  financial  data,  em¬ 
ployee  monitoring,  and  the  safeguard¬ 
ing  (and  exploitation)  of  corporate  as¬ 
sets. 


To  enroll  or  for  more  information,  call  800  355-0246,  fax  the  form 
to  508  879-7720,  or  visit  our  Web  site  at  www.cio.com/conferences 


AWARDS  CEREMONY 


tion»lntegrati 


4:00  PM  -  5:30  PM 

CIO  Executive  Mindshares 

Small  working  groups  explore  the 
leadership  challenges  and  best 
practices  of  specific,  critical 
IT/business  topics.  Members  share 
experiences,  lessons  learned,  mis¬ 
takes  and  successes,  and  come  up 
with  new  ideas  for  tackling  common 
problems.  Session  participation  is 
limited  to  CIOs  and  senior  IT  execu¬ 
tives. 

6:00  PM  -  7:00  PM 
Cafe  100  Reception 

Catch  up  with  our  Symposium 
Partners  and  other  participants  in 
our  informal  networking  lounge. 
Develop  relationships  with  peers 
who  will  serve  as  sources  of  infor¬ 
mation  and  inspiration. 

TUESDAY,  AUGUST  20 

7:00  AM  -  8:00  AM 
Breakfast  &  Informal 
Roundtable  Discussions 

Gather  with  CIO  magazine  editors 
and  fellow  attendees  to  discuss 
common  problems  and  possible 
solutions.  Each  table  has  a  specific 
topic;  choose  one  and  join  in. 

8:00  AM  -  8:15  AM 

Welcome 

PAUL  SAFFO 

8:15  AM  -  9:15  AM 

The  Information  Revolution: 
Why  This  is  Just  the  End  of 
the  Beginning 

W.  BRIAN  ARTHUR 
Citibank  Professor, 

Santa  Fe  Institute 
According  to  history,  in 


the  first  stage  of  a  technology  revo¬ 
lution,  a  period  of  speculation  is  fol¬ 
lowed  by  a  crash.  But  we  can  expect 
more  real  innovation  to  come  in  the 
great  build-out  that  follows,  this 
time  driven  by  the  interconnection 
of  business  and  the  appearance  of 
Web-based  services. 

9:15  AM  -  10:15  AM 

The  Future  of  Technology  in 

Business,  Part  I 

While  the  pace  of  innovation  and 
change  in  the  tech  sector  has 
slowed  dramatically,  the  real  build¬ 
out  —  and  the  real  transformation 
of  business  —  is  yet  to  come.  New 
developments  like  the  semantic 
web,  virtual  reality  modeling  lan¬ 
guage  (VRML),  wireless  everywhere, 
cutting-edge  security  tools  and  tech¬ 
niques,  and  the  ability  of  organiza¬ 
tions  to  store  and  manage  over  a 
petabyte  of  information  will  make 
things  possible  that  only  the  futur¬ 
ists  dreamed  about  before.  This 
panel  of  leading  technologists 
explores  some  of  these  critical  areas 
in  depth. 

10:15  AM  -  10:45  AM 

The  Future  of  Techonology  in 

Business,  Part  II 

The  morning’s  speakers  gather  for 
an  interactive  discussion  about 
where  these  developments  will 
lead  today’s  organizations. 

10:45  AM  -  11:15  AM 

Mid-Morning  Break 

11:15  AM  -  Noon 

Industry  Briefings 


12:10  PM  -  12:55  PM 

Industry  Briefings 

1:00  PM  -  2:15  PM 
Networking  Luncheon 

Savor  lunch  and  the  beautiful  view 
from  the  Lakeside  Terrace  while  you 
extend  your  peer  network. 

2:30  PM  -  3:30  PM 
Leading  in  the  Next 
Business/IT  Epoch 
Moderator: 

ABBIE  LUNDBERG 
Editor  in  Chief, 

CIO  Magazine 
Panelists: 

JERI  DUNN 
CIO,  Nestle  USA,  Inc. 

REBECCA  RHOADS 
CIO,  Raytheon  Company 
IT  is  more  exposed  to,  and  embed¬ 
ded  in,  the  business  than  ever 
before.  As  we  emerge  from  the 
recession,  what  will  be  the  next  IT 
epoch,  and  how  will  CIOs  best  lead 
their  organizations  into  it?  This 
roundtable  of  CIO  100  Honorees 
discusses  our  current  state  of  evo¬ 
lution,  where  we're  heading  and  the 
requirements  of  the  IT  leadership 
role,  including  shifting  accountabili¬ 
ty,  governance  and  organization 

The  Broadmoor 

The  Broadmoor  Located  in 
Colorado  Springs  at  the  foot  of  the 
Rockies,  The  Broadmoor  provides 
an  environment  of  unparalleled 
beauty  and  luxury  surrounded  by 
the  mountains  and  centered  by 
Cheyenne  Lake. 

Altitude  Caution:  For  your  safety  and  comfort, 
please  be  aware  that  The  Broadmoor  is  just  over 
6000  ft.  above  sea  level. 


o  n 


models,  the  challenge  of  ROI,  and 
transformation  vs.  enablement. 

3:30  PM  -  4:15  PM 

Closing  Keynote 

4:15  PM  -  4:30  PM 

Closing  Comments 

PAUL  SAFFO  &  ABBIE  LUNDBERG 

4:30  PM  -  6:30  PM 

Free  Time/Informal 
Networking 

6:30  PM  -  7:00  PM 

CIO  100  Awards  Reception 

Put  on  the  evening  wear  for  our 
special  black  tie  reception,  followed 
by  dinner  and  the  awards  ceremony 
to  recognize  this  year’s  CIO  100 
Award  Honorees. 

7:00  PM  -  9:30  PM 

CIO  100  Awards  Dinner  and 
Ceremony 

9:30  PM  -  11:00  PM 

Dessert  Reception 
Hosted  by  CIO  100  Awards 
Ceremony  Underwriter, 
PeopleSoft,  Inc. 

Cap  off  the  evening  with  a  special 
post-awards  reception. 


CIO  100  SYMPOSIUM  &  AWARDS 
AUGUST  18-20,  2002 
THE  BROADMOOR 
COLORADO  SPRINGS,  COLORADO 

ENROLLMENT  APPLICATION 

□  I  won’t  be  able  to  attend,  but  please  keep  me  updated  on  future 
CIO  events. 


NAME 


TITLE 


COMPANY 


ADDRESS  MAIL  STOP 


TELEPHONE  FAX 


CITY,  STATE,  ZIP 


E-MAIL  ADDRESS  WEBSITE  URL 


NAME  AS  YOU  WANT  IT  TO  APPEAR  ON  YOUR  BADGE 

□  I  will  be  attending  the  Awards  Ceremony  Dinner  on  Tuesday 
evening. 

□  I  will  bring  a  companion  at  the  cost  of  $375.  (Please  note: 
Companion  Program  details  under  enrollment  fees) 


NAME  OF  MY  COMPANION 

□  My  companion  will  attend  the  USAFA  Garden  of  the  Gods  tour 
Monday  Morning. 

□  My  companion  will  be  attending  the  Awards  Ceremony  Dinner  on 
Tuesday  evening. 

WHAT  IS... 

YOUR  PRIMARY  INDUSTRY? 


If  this  is  your  first  CIO  event, 
your  business  card  is  required 
to  process  your  registration. 


4ROBJN1 

ENROLLMENT  FEES 

□  IS  Practitioner/Executive 

$1,895  if  registered  by  June  28,  2002 
$2,195  after  June  28 

Please  make  your  hotel  reservations  immediately  by  calling  CIO 
Conference  Housing  at  800  514-7639.  To  receive  the  discounted  rate, 
please  mention  you  are  attending  CIO  100  when  making  your  reservations. 
Be  sure  to  guarantee  your  room  with  a  credit  card,  as  all  unreserved  or 
unguaranteed  rooms  will  be  released  on  July  5,  2002.  Hotel  reservations, 
cancellations  and  charges  are  your  responsibility.  If  a  Symposium 
Enrollment  Form  is  not  received  within  48  hours  of  making  your  hotel 
reservation,  your  room  will  be  released  from  the  CIO  100  room  block. 

□  US  Federal  Government/Military 

$2,195  if  registered  by  June  28,  2002 
$2,495  after  June  28 

This  fee  includes  your  hotel  for  three  nights.  CXO  will  make  your  hotel 
reservations  for  arrival  Sunday,  August  18  and  departure  Wednesday, 

August  21.  Additional  hotel  reservations  are  your  responsibility. 

□  Companion  Program  $375 

This  fee  includes  all  scheduled  meals,  receptions  and  entertainment, 
planned  companion  activities  and  the  CIO  100  Dinner  &  Awards  Ceremony. 
Companions  are  not  be  eligible  to  participate  in  the  golf  tournament  or 
Symposium  sessions.  Companions  must  be  enrolled  in  this  program  to 
attend  any  Symposium  function. 

□  Sales/Marketing/Consulting  $10,000 

This  fee  applies  if  you  hold  a  sales,  marketing,  business  development  or 
consulting  position,  including  executive  management  of  IT  vendor  and  con¬ 
sulting  companies.  This  enrollment  fee  is  payable  by  company  check  only 
and  does  not  include  three  nights  hotel.  CXO  will  make  the  final  determi¬ 
nation  of  this  category. 

PAYMENT 

□  Check  enclosed.  Mail  to: 

Executive  Programs,  CXO  Media  Inc.,  P3620,  Boston,  MA  02241-3620 

□  P.O.  # _ 

□  MC  □  Visa  □  AmEx 


ACCT.  #  EXP. 


SIGNATURE 


YOUR  ORGANIZATION'S  ANNUAL  REVENUES  OR  ASSETS? 


YOUR  ANNUAL  IT  BUDGET? 


All  fees  must  be  paid  prior  to  the  Symposium,  and  all  cancellations  and 
changes  must  be  made  in  writing.  Transportation,  hotel  and  recreation  are 
your  responsibility.  You  may  cancel  your  Symposium  attendance  up  to  July 
19,  2002  without  penalty.  A  $900  administration  fee  will  be  imposed  for 
cancellations  received  between  July  20  -  August  2,  2002.  No  refund  or 
credit  will  be  given  for  cancellations  received  on  or  after  August  2,  2002 
or  for  no-shows.  CXO  reserves  the  right  to  limit  attendance  to  practitioners 
and  Partner  organizations. 


To  enroll  or  for  more  information,  call  800  355-0246,  fax  this  enrollment  form  to  508  879-7720,  or  visit  our  Web  site  at 

www.cio.com/conferences 


Sales  and  Services 

CIO  SALES  OFFICES 

President  &  CEO 

Joseph  L.  Levy  •  508  935-4601 
Publisher  Gary  J.  Beach  •  508  935-4202 

Executive  VP  Sales/Custom  Publishing 

Ellen  Romanow  •  508  935-4796 

Sales  Operations  Associate  Kim  Harris 

East  Coast 

Senior  VP  Sales/East 

Michael  J.  Masters  •  973  244-4024 

Senior  Regional  Mgr./Advertising  Sales 

Kathy  Powers  •  973  244-4041 

Regional  Sales  Manager 

El  lie  Schwab  •  973  244-4042 

Account  Executives 

Joan  Bonadeo  •  973  244-4043 

Gale  Tedeschi  •  973  244-4031 

Office  Mgr.  Marlene  Levis  •  973  244-4033 

Sales  Asst.  Lin  Viggiano  •  973  244-4035 

Administrative  Assistant 

Sharon  Harrison  •  973  244-4037 

New  England 

Senior  Regional  Manager/ Advertising  Sales 

Len  Ganz  •  508  935-4039 

Senior  Advertising  Sales  Associate 

Dawn  Cora  •  508  935-4092, 

Fax  508  879-6063 

Mid-Atlantic 

Senior  Regional  Manager/Advertising  Sales 


Louise  Cupelli  -215  627-8114 
Account  Executive 

Maureen  Welsh  •  215  627-8114 

South  Central 

Regional  Director/Advertising  Sales 

Robert  E.  Sawdon  •  512  306-9801 

Advertising  Sales  Associate 

Brenda  Garza  •  512  306-9801, 

Fax  512  306-9805 

North  Central 

Senior  Regional  Manager/Advertising  Sales 

Keith  H.  Kenner  •  847  441-5005, 

Fax  847  441-5150 

Account  Executive 

Beth  Carlson  •  847  441-3140 

Advertising  Sales  Associate 

Kim  Giovanni  •  847  441-5005 

West  Coast 

VP  Sales/West 

Cheri  McKeithan  •  415  975-2685 

Regional  Manager/ Advertising  Sales 

Ai  Collins  •  415  975-2686 
District  Manager 
Kristin  Nystrom  •  415  975-2687 
Account  Executives 

Jeff  Odell  -415  975-2682 
Sarajane  Robinson-Retondo  • 

415  975-2693 

Senior  Advertising  Sales  Associate 

Derek  Jung  •  415  975-2683 

Advertising  Sales  Associates 

Chris  DaRosa  •  415  975-2688 
Anna  Limon  •  415  975-2694 

Southern  California 

Regional  Sales  Manager  Chris  Hempel  • 

949  475-5579,  Fax  949  475-5583 


Account  Executive  Chris  Bramel  • 

949  475-5579,  Fax  949  475-5583 

Sales  Associate  Isaac  Ugay  •  949  475-5579, 

Fax  949  475-5583 

NEW  BUSINESS  DEVELOPMENT 

VP,  Business  Development  &  Strategic 
Alliances  Cheryl  M.  Hardy  •  202  625-8342 
Coordinator,  Business  Development 

Kelly  Gabe- 202  625-8343 

LIST  SERVICES 

List  Services  Director 

Kathryn  A.W.  Marston  •  508  935-4072 

List  Services  Account  Executive 

Stephanie  Roy  •  508  935-4151 

List  Services  Coordinator 

Kim  Cormican  •  508  935-4152 

ONLINE  SERVICES 

VP/Online  Sales 

Lisa  Brown  •  508  935-4470 

Online  Sales  Mgr. 

Michael  McPhee  •  508  935-4611 

CUSTOM  PUBLISHING 

Group  Director  Michael  Siggins 
Director  Mary  Gregory 

Director  of  Content  Development  Tom  Field 
Project  Managers  Lisa  Chaffin  (Senior), 
Sally  Ellison 

Graphic  Designer  Chris  Brown 

REPRINT  SERVICES 

651 582-3834,  E-mail  kastickney@ 
reprintservices.com 

For  further  sales  information,  visit 
www.cio.com/marketing/salesoffices.html 


CIO  IS  PUBLISHED  IN  THE 
UNITED  STATES  AS  WELL  AS  IN: 

Australia,  CIO  Australia  www.idg.com.au 
Canada,  CIO  Canada  www.tti.on.ca/cio 
China,  CEO  &  CIO  China 
www.ceocio.com.cn 
India,  CIO  India  91-80-521-0309/12 
Japan,  CIO  Japan  www.idg.co.jp 
Korea,  CIO  Korea  www.cio.seoul.kr 
Poland,  CXO  Poland  www.cxo.pl 
New  Zealand,  CIO  New  Zealand 
www.idg.co.nz 

Singapore,  CIO  ACEN/Hong-Kong 
www.idg.com.sg 


CIO  Contact 
Information 

Editorial,  Advertising  and  Business 
Offices:  492  Old  Connecticut  Path, 
P.O.  Box  9208,  Framingham,  MA 
01701-9208,  508  872-0080. 

CIO  (ISSN  0894-9301)  is  published 
semimonthly  and  as  a  combined  issue 
December  15/January  1  by  CXO  Media 
Inc.,  492  Old  Connecticut  Path,  P.O. 
Box  9208,  Framingham,  MA  01701- 
9208.  Periodicals  postage  paid  at 
Framingham,  MA,  and  at  additional 
mailing  offices.  Canada  Publications 
Mail  Agreement  Number  1902075. 
CANADIAN  POSTMASTER:  Please 
return  undeliverable  copy  to  P.O.  Box 
1632,  Windsor,  ON  N9A  7C9. 

Permissions:  Copyright  2002  by  CXO 
Media  Inc.  All  rights  reserved.  Repro¬ 
duction  of  material  appearing  in  CIO 
is  forbidden  without  written  permis¬ 
sion.  Send  all  requests  to  Permissions 
Department,  CIO,  492  Old  Connect¬ 
icut  Path,  P.O.  Box  9208,  Framing¬ 
ham,  MA  01701-9208. 

Photocopy  Rights:  Permission  to 
photocopy  for  internal  or  personal 
use  or  the  internal  or  personal  use  of 
specific  clients  is  granted  by  CIO  for 
users  through  the  Copyright  Clear¬ 
ance  Center,  provided  that  the  base 
fee  of  $3  per  copy  of  the  article,  plus 
$.50  per  page  is  paid  directly  to 
Copyright  Clearance  Center,  27 
Congress  Street,  Salem,  MA  01970. 
Please  specify:  ISSN  0894-9301. 
Permission  to  photocopy  does  not 
extend  to  contributed  articles 
followed  by  this  symbol:  %. 

Subscriptions:  Address  inquiries  to 
C/O,  492  Old  Connecticut  Path,  P.O. 
Box  9208,  Framingham,  MA  01701- 
9208;  800  788-4605.  CIO  is  free  to 
qualified  information  executives.  To 
all  others  the  one-year  basic  rate  is 
$94  for  the  United  States  and 
Canada,  $175  to  foreign  countries 
(payable  in  U.S.  funds  only).  The 
single  copy  price  is  $9.  Please  allow 
four  to  six  weeks  for  new  subscrip¬ 
tions  to  begin. 

Change  of  Address:  Please  fax  a  copy 
of  current  subscription  label  along 
with  new  address  to  508  879-7899. 
Allow  four  to  six  weeks  for  change  to 
take  effect. 

Postmaster:  Send  change  of  address 
to  CIO.  P.O.  Box  489,  Northbrook,  IL 
60065-9816.  Printed  in  the  U.S. A. 


Index  of  Companies 
and  Advertisers 

Page  numbers  refer  to  the  first  page 
of  the  article(s)  in  which  the  com¬ 
pany  is  mentioned.  This  index  is 
provided  as  a  service  to  readers. 

The  publisher  does  not  assume  any 
liability  for  errors  or  omissions. 

COMPANY  INDEX 

@Stake  Inc . 76, 110 

Accenture  Ltd . 36 

AccessData  Corp . 110 

Adecco  NA  . 84 

Aladdin  Knowledge  Systems  Ltd.  110 

AOL  Time  Warner  Inc . 36 

APL . 76 

ASR  Data  Acquisition  &  Analysis 

LLC . 110 

Avnet  Inc . 36 

Bain  &  Co . 84 

Bank  of  Lancaster  County . 102 

Bederson  &  Co.  LLP  . 110 

Bernard  Chaus  Inc . 76 

BP  PLC . 68 

CenterRun  Inc . 110 

ChevronTexaco  Corp . 68 

Cisco  Systems  Inc . 36 

Cutter  Consortium  . 84 

Deloitte  Touche  Tohmatsu . 102 

Eneco  Energie  . 110 

FleetBoston  Financial  Corp . 102 

Forrester  Research  Inc . 36 

Giga  Information  Group  Inc . 76 

Guardent  Inc . 110 


Guidance  Software  Inc . 10 

Harrah's  Entertainment  Inc . 76 

Hewlett-Packard  Co . 36 

Hon  Industries  Inc . 84 

Hurwitz  Group . 110 

International  Data  Corp . 110 

Internet  Security  Systems  Inc.  .  .  76 
Internet  Trading 

Technologies  Inc . 76 

Island  Paciflc/SVI  Solutions  Inc.  .  36 

Koch  Industries  Inc . 94 

Lance  Inc . 76 

Manugistics  Inc . 58 

Markle  Foundation,  The  . 36 

Matsushita  Communication 

Industrial  Co.  Ltd . 110 

Maximus  Inc . 36 

Medtronic  Inc . 84 

Meridien  Research  Inc . 102 

Meta  Group  Inc . 68 

Metavante  Corp . 102 

Morningstar  Inc . 68 

Motorola  Corp . 110 

Nasdaq  Stock  Market  Inc.,  The  .  .  76 
Nationwide  Mutual  Insurance  Co.  84 

Net  Future  Institute  LLC  . 36 

NetSupport  Inc . 76 

New  Technologies  Armor  Inc.  . .  110 

North  Shore  Credit  Union . 102 

Occidental  Petroleum  Corp . 58 

Omega  Engineering  Inc . 76 

PHH  Arval . 76 

Pinkerton  Consulting  and 

Investigations . 110 

Pivotal  Corp . 102 

Pro  Tech  Monitoring  Inc . 36 

PRTM  . 68 


Research  Triangle  Institute . 36 

Sony  Pictures  Digital 

Entertainment  Inc . 76 

Starbucks  Corp . 36 

Sun  Microsystems  Inc . 36 

Surrey  Metro  Savings 

Credit  Union  . 102 

TowerGroup . 102 

Union  National 

Community  Bank  . 102 

U.S.  Securities  and 

Exchange  Commission  . 36 

Visibility  Corp . 94 

Wachovia  Corp . 102 

X10  . 110 

Xpherix  . 36 

ADVERTISER  INDEX 

Avaya  . 32,  33 

Bose . 131 

Cisco  Systems  Inc . 45 

Cognos  Inc . 25 

Computer  Associates 

Inti.  Inc . 7,  63, 100 

Crystal  Decisions . 91 

CXO  Media  Inc . 

. 92, 135, 139, 140,  142 

Datacore  Software  . 99 

Datalink  . 121 

Day  Corp . 47 

Dell  Computer  Corp . 2 

EMC  Corp . 39 

Enterprise  Software  HQ . 109 

Fujitsu . 42 

Gateway  . Ill 

Genesys  Telecommunications  . .  105 

Genuity  . 74 

Harvard  Business  School  . 93 


Hewlett-Packard  . 49,  50 

IBM  Corp .  16, 18,  20,  22, 133 

ITworld.com . 62, 137 

KPMG  LLP  . 55 

Lockheed  Martin . 97 

Manugistics  Inc . 127 

Mercury  Interactive  . 41 

Michigan  Economic 

Development  Corp . 117 

Microsoft  Corp . 34,  81,  83 

NEC/Mitsubishi . 28 

Nortel . 115 

Novell  Inc . 4 

Parametric  Technologies  Corp.  ,  125 

Peoplesoft  Inc . 61 

Peregrine . 107 

Qualcomm . 11 

Quantum  Corp . 31 

Quantum's  Network  Attached 

Storage  Div . 89 

Qwest  Communications  . 95 

Red  Hat  Inc . 113 

SAP . 87 

SAS . 37 

Siebel  Systems . C4 

Siemens  . 129 

Sony  Corp . 123 

Sprint  . 65,  67 

Sterling  Commerce . 56 

Sun  Microsystems  Inc . 12, 14 

Symantec  Corp . C3 

Tallan  . 119 

Trend  Micro  Devices . C2 

Unisys/Microsoft . 27 

Veritas  Software  . 53 

Vignette . 8 

Xerox  Corp . 59 


www.cio.com  •  JUNE  1,  2002  CIO  143 


EXECUTIVE 


June  1,  2002 


COVER  STORY  I  Chevron- 
Texaco’s  Supply  Chain 

By  Ben  Worthen  I  68 

During  the  past  10  years,  Chevron- 
Texaco,  the  nation’s  eighth  largest 
company,  has  shifted  from  a  supply- 
driven  business  model  to  a  far  less  costly 
demand-driven  model.  Each  year,  the 
company  has  invested  $15  million  in  supply 
chain  technology — proprietary  systems  that 
capture  real-time  data,  as  well  as  advanced 
planning  systems  and  an  SAP  implementa¬ 
tion.  Refining,  marketing  and  logistics 
departments  use  the  demand  data  captured 
at  Chevron  filling  stations,  plus  other  points 
of  sale  such  as  airlines  and  trucking  compa¬ 
nies,  to  plan  refinery  loads,  time  spot-market 
purchases  and  schedule  refill  deliveries.  The 
data,  and  the  integration  work  that  allowed 
it  to  be  shared  across  the  company,  has 
improved  decision  making  at  every  point  in 
the  customer-facing  supply  chain.  Chevron’s 
2000  profits  increased  by  more  than 
$100  million  to  $778  million,  much  of  it 
attributable  to  the  successful  shift  to  a 
demand-driven  supply  chain. 


“It  was  a  fundamental 
shift  to  take  the  customer 
view.  Before,  we  acted 
like  a  manufacturing 
company,  just  trying  to 
make  products,  when 
really  the  market  was 
customer-driven.” 

-LOUIE  EHRLICH,  CIO  FOR  GLOBAL 
DOWNSTREAM,  CHEVRONTEXACO 


The  Insider  Security  Threat  By  Sarah  D.scaiet  I  76 

MANY  COMPANIES  DON’T  do  enough  to  protect  against  insider  threats — the  source  of  the 
most  damaging  attacks.  Managers  are  leery  of  breaking  the  trust  they  have  built  with  their  employees 
by  presuming  them  capable  of  criminal  activity.  But  there  are  some  easy  ways  to  improve  internal 
security  without  making  honest  people  feel  like  crooks.  For  example,  companies  can  limit  the  damage 
any  one  employee  can  do  by  setting  up  access  controls  that  map  a  person’s  job  function  to  the 
resources  needed  to  do  that  job.  Perimeter  protection,  which  divides  internal  information  spaces  into 
zones,  allows  companies  to  control  who  enters  a  given  zone  based  on  job  requirements.  Software  can 
be  used  to  monitor  employee  activity  in  zones  where  they  are  not  normally  supposed  to  be.  When 
such  controls  are  implemented  from  the  start,  an  employee  is  less  likely  to  take  them  personally — it’s 
just  part  of  a  given  job  function. 

Strategic  Planning  ByDerekSlater  I  84 

CIOS  PLAN  STRATEGY  by  imagining  the  desired  future  and  analyzing  the  present.  Then  they 
identify  the  gaps  between  the  two  and  draw  a  road  map  to  close  them.  They  consider  competition, 
technology  and  risk.  It  sounds  deceptively  simple,  but  there  are  several  mistakes  IT  strategists  often 
make  when  drafting  their  road  map:  They  don’t  participate  in  building  the  business  plan,  they  fail  to 
heed  the  CXOs’  desires,  they  plan  at  the  wrong  level  of  detail,  they  fail  to  follow  through  on  the  plan 
or  they  stick  to  it  too  rigidly.  CIOs  at  Hon  Industries,  Medtronic,  Nationwide  and  others  explain 
how  they  avoid  those  traps.  Before  writing  a  three-year  strategic  plan,  Hon  CIO  Malcolm  Field 
works  with  the  operating  company  presidents  and  their  direct  reports,  asking  business  process 
questions  such  as,  “How  are  we  going  to  handle  production  and  distribution  in  three  to  five  years?” 

Case  Files:  Koch  Industries’  Value  Methodology  ByMattvniano  I  94 

KOCH  MEMBRANE  SYSTEMS,  a  unit  of  multinational  conglomerate  Koch  Industries,  needed 
to  standardize  systems  and  processes  to  integrate  its  1998  acquisition  of  Fluid  Systems.  Koch  had  to 
weigh  implementation  alternatives  and  prove  whether  opting  for  a  new  ERP  system  was  a  better 
choice  than  signing  on  with  an  ASP  or  selecting  comparable  client/server  technology.  Koch  relied  on 
its  “origination”  methodology,  a  process  that  incorporates  research-based  estimates  and  the  assign¬ 
ment  of  risk  to  build  in  breathing  room  for  error. 

Team  members  tackled  software  and  ASP  costs,  and  calculated  relative  costs  of  consultants  needed. 
Benefit  estimates  focused  on  efficiency  improvements.  All  numbers  were  multiplied  by  risk  factors  to 
account  for  uncertainties  that  could  affect  the  costs.  The  final  analysis  pointed  to  purchasing  a  new 
ERP  system,  which  increased  efficiency  and  netted  savings  of  approximately  $430,000. 

CRM  in  the  Midmarket  By  Stephanie  Overby  I  102 

SMALL  TO  MIDSIZE  ENTERPRISES  that  don’t  deploy  CRM  as  part  of  a  carefully  crafted 
customer  strategy  will  find  it  harder  to  remain  viable  in  the  face  of  competition  from  larger  and  more 
technologically  enabled  companies.  Community  banks,  for  instance,  can  no  longer  assume  that  they 
know  their  customers  any  better  than  the  big  national  banks  do.  In  fact,  many  small  banks  make 
pricing  and  product  decisions  without  good  customer  knowledge,  yielding  losses  rather  than  profits. 
CRM  tools  can  help.  Union  National  Community  Bank  in  Pennsylvania  used  a  $250,000  CRM 
package  to  segment  its  customers  by  profitability  and  feed  all  transactions  into  a  single  data  ware¬ 
house  to  determine  which  products  would  generate  the  most  profits  from  particular  customers.  The 
payoff  has  been  a  rise  in  assets  and  earnings,  plus  $1  million  in  savings. 


14  4  CIO  JUNE  1,  2002 


www.cio.com 


Enterprise  Security  by  Symantec.  Networks  protected.  Threats  neutralized.  Peace  of  mind  restored. 

Today's  new  threats  require  a  new  level  of  protection.  Symantec  i  the  world's  leading  security  software  company,  can  provide 
it.  Our  technology  includes  vulnerability  management,  intrusion  detection,  firewalls.  VPN.  content  filtering  and  virus  protection. 
We  offer  a  range  of  services,  from  consulting  and  education  to  fully  managed  security.  And  our  global  response  team  constantly 
monitors  and  creates  fixes  for  the  latest  threats.  Symantec  Enterprise  Security  is  a  complete  solution  that  can  keep  your 
company  running  smoothly  and  with  confidence.  For  a  free  copy  of  our  latest  White  Paper  “Top  Management's  Perspective  on 
Security ”,  visit  www.symantec.com/ses22  or  call  800-745-6054. 

^  Symantec 

Symantec  and  the  Symantec  logo  are  U  S  rcfisteiW  tiiiemarts  ©2002  Symantec  Coiporatwn.  Ali  Rights  Resei  veil.  Gaitnci  Dalaquest  "?000  Security  SoRWarte  W.VrtcPt  Siasrp'*  f'eror!  ttasitd  on  time  license  revem*  In  ?(W 


Pierre  Danon,  CEO,  BT  Retail 


Pierre  Danon  knows  the  importance  of  time.  His  21  million  customers  expect  a  quick  response.  By 
using  Siebel  CRM  software  to  streamline  BT's  Homemover  program,  call-handler  satisfaction  rose 
34%.  Customer  satisfaction  reached  86%.  Revenues  per  customer  rose  20%.  And  in  just  one  12-week 
period,  5,000  new  accounts  were  identified.  Timely  improvements  even  the  busiest  CEO  can  appreciate. 


Siebel 

Good  service  is  good  business. 

To  learn  more,  call  1-800-307-2181  or  visit  siebel.com/casestudies. 


©2002  Siebel  Systems,  Inc.  All  rights  reserved.  Siebel  and  the  Siebel  logo  are  trademarks  of  Siebel  Systems,  Inc.,  and  may  be  registered  in  certain  jurisdictions.  Other  product  names,  designations  and  logos  may  be  the  trademarks  of  their  respective  owners. 


